using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
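/// <summary>
/// Hacking ViewState:
/// Because it isn't formatted as clear text, many ASP.NET programmers assume that their
/// view state data is encrypted. It isn't. A clever hacker could reverse-engineer this string and examine
/// your view state data in a matter of seconds (here is how).
/// </summary>
/// <remarks>
/// By default the __VIEWSTATE field is only Base64-encoded. The view state MAC protects it against
/// tampering, not against reading. Keep secrets out of view state, or turn on encryption
/// (<c>ViewStateEncryptionMode</c> on the page or in <c>&lt;pages&gt;</c>, with keys from <c>&lt;machineKey&gt;</c>).
/// The controls <c>UIReader1</c>, <c>UIButton1</c> and <c>UILiteral</c> are declared in the other part of
/// this partial class (markup/designer file), which is not shown here.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    /// <summary>
    /// Builds the input area on every request: a multi-line text box for the Base64 view state
    /// string, added to the <c>UIReader1</c> placeholder, and the caption/width of the decode button.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        Page.Title = "Firenze : ViewState automated hacking tool";

        // The text box is created in code, so it must be re-created with the same ID on each
        // request for UIButton1_Click to find it again.
        TextBox viewStateBox = new TextBox
        {
            TextMode = TextBoxMode.MultiLine,
            Wrap = true,
            Rows = 10,
            Width = 300,
            ID = "UIViewStateCode1",
            CssClass = "viewStateBox",
            Text = "ViewState Goes here"
        };

        // Show through UIReader1 (PlaceHolder)
        UIReader1.Controls.Add(viewStateBox);

        // UIButton properties
        UIButton1.Text = "Decode ViewState";
        UIButton1.Width = viewStateBox.Width;
    }

    /// <summary>
    /// UIButton1_Click event handler: decodes the submitted view state string and shows the
    /// result in <c>UILiteral</c>.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void UIButton1_Click(object sender, EventArgs e)
    {
        // "as" yields null when the control is missing or is not a TextBox, so the missing-control
        // case is an ordinary branch instead of a caught NullReferenceException.
        TextBox retrievedControl = Page.FindControl("UIViewStateCode1") as TextBox;
        if (retrievedControl == null)
        {
            UILiteral.Text = "Can't find textbox control, giving up..";
            return;
        }

        // The decoded text is whatever the visitor submitted, and it arrives Base64-encoded, so it
        // has to be HTML-encoded here before it is written into the page. Writing it out raw would
        // let submitted markup or script run in the response (cross-site scripting).
        // NOTE(review): UILiteral's declaration is not visible in this file. If it is a Literal
        // already set to Mode="Encode", drop this HtmlEncode call to avoid double encoding.
        UILiteral.Text = HttpUtility.HtmlEncode(ReadViewState(retrievedControl.Text));
    }

    /// <summary>
    /// Converts a Base64 view state string to an ordinary array of bytes and returns those bytes
    /// read as 7-bit ASCII characters.
    /// </summary>
    /// <param name="theViewState">System.String - the Base64 view state value; null is treated as empty.</param>
    /// <returns>
    /// The decoded text, an empty string for null or empty input, or a fixed apology message when
    /// the input is not valid Base64. The result is not HTML-safe: encode it before rendering.
    /// </returns>
    /// <remarks>
    /// View state is a serialized object graph, so only the string values embedded in it come out
    /// readable; bytes above 0x7F are replaced with '?' by the ASCII decoder. An encrypted view
    /// state decodes to unreadable noise.
    /// </remarks>
    protected internal string ReadViewState(string theViewState)
    {
        // Convert.FromBase64String throws ArgumentNullException on null; treat it like empty input.
        if (string.IsNullOrEmpty(theViewState))
        {
            return string.Empty;
        }

        try
        {
            byte[] stringBytes = Convert.FromBase64String(theViewState); // Create an array of bytes
            return System.Text.Encoding.ASCII.GetString(stringBytes);   // Decode as 7-bit ASCII
        }
        catch (System.FormatException)
        {
            return "Sorry, Looks like you were looking for something i can't read";
        }
    }
}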