
Sunday, January 11, 2009

Hack viewstate

Hi all, here is the code to decode the ViewState data (it is Base64-encoded, not encrypted)... Check it out.

 
  using System;

   using System.Web;

   using System.Web.UI;

   using System.Web.UI.HtmlControls;

   using System.Web.UI.WebControls;

 

 ///

  23: /// Hacking ViewState:

  24: /// Because isn’t formatted as clear text, many ASP.NET programmers assume that their

  25: /// view state data is encrypted. It isn’t. A clever hacker could reverse-engineer this string and examine

  26: /// your view state data in a matter of seconds (here how).

  27: ///


  28: public partial class _Default : System.Web.UI.Page

  29: {

  30:     protected void Page_Load(object sender, EventArgs e)

  31:     {

  32:         Page.Title = "Firenze : ViewState automated hacking tool";

  33:         TextBox UITextBox = new TextBox();              // Create a TextBox Item

  34:        

  35:         // Set properties

  36:         UITextBox.TextMode = TextBoxMode.MultiLine;

  37:         UITextBox.Wrap = true;

  38:         UITextBox.Rows = 10;

  39:         UITextBox.Width = 300;

  40:         UITextBox.ID = "UIViewStateCode1";

  41:         UITextBox.CssClass = "viewStateBox";

  42:         UITextBox.Text = "ViewState Goes here";

  43: 

  44:         // Show through UIReader1 (PlaceHolder)

  45:         UIReader1.Controls.Add(UITextBox);

  46: 

  47:         // UIButton properties

  48:         UIButton1.Text = "Decode ViewState";

  49:         UIButton1.Width = UITextBox.Width;

  50: }

  51: 

  52:     ///

  53:     /// UIButton1_Click Event Handler

  54:     ///


  55:     ///
object

  56:     /// EventArgs

  57:     protected void UIButton1_Click(object sender, EventArgs e)

  58:     {

  59:         // Check if a TextBox Control exist within the page

  60:         TextBox RetriviedControl = null;

  61:         try

  62:         {

  63:             RetriviedControl = (TextBox)Page.FindControl("UIViewStateCode1");

  64:             UILiteral.Text = ReadViewState(RetriviedControl.Text);

  65:         }

  66:         catch (NullReferenceException)

  67:         {

  68:             UILiteral.Text = "Can find textbox control, giving up..";

  69:         }

  70:     }

  71:    

  72:     ///

  73:     /// TheViewState contains the view state information.

  74:     /// Convert the Base64 string to an ordinary array of bytes

  75:     /// representing ASCII characters.

  76:     ///


  77:     /// System.String - ViewState

  78:     /// System.String - Human readeable Code

  79:     protected internal string ReadViewState(string theViewState)

  80:     {

  81:         string decodedViewState = string.Empty;

  82:         try

  83:         {

  84:             byte[] stringBytes = Convert.FromBase64String(theViewState);                    // Create an Array of bytes      

  85:             decodedViewState = System.Text.Encoding.ASCII.GetString(stringBytes);           // Enconde 7bit set

  86:         }

  87:         catch (System.FormatException)

  88:         {

  89:             return "Sorry, Looks like you were looking for something i can't read";

  90:         }

  91:         return decodedViewState;

  92:     }

  93: }
