Asp.Net – Page 6 – WindowsTechs.com

How to lock IIS server files through a shell?

Posted on September 23, 2019 by Unedited Reality

After uploading a shell to a .net site (.aspx extensions) and get it to work, is there any way to execute a command through that shell to prevent the upload of any other shell?

Continue reading How to lock IIS server files through a shell?→

Should HTTP_COOKIE, __RequestVerificationToken, _RequestVerificationToken and .ASPXAUTH be kept secret?

Posted on September 9, 2019 by TEST tEsT

Inside our ASP.NET MVC-4 web application, we have added the Elmah error logging, and I wrote a code to prevent the Elmah from exposing the user password inside the error file. But inside the Elmah error file, I can see other … Continue reading Should HTTP_COOKIE, __RequestVerificationToken, _RequestVerificationToken and .ASPXAUTH be kept secret?→

How to implement Anti-CSRF method?

Posted on August 2, 2019 by Akash Daniel

I have created a ASP.NET project and I want to implement Anti-CSRF method in my project. How to do that?

Continue reading How to implement Anti-CSRF method?→

How could ASP.NET forms authentication session leak into a different site?

Posted on May 23, 2019 by user3280964

We’re dealing with a vulnerability where a forms authentication from one site can be used within a separate site. I can’t figure out how is IIS or ASP.NET allowing this to occur

Steps:

Login to site1.domain.com as user “a… Continue reading How could ASP.NET forms authentication session leak into a different site?→

Why are ASP.NET form authentication cookies deleted only on client side if client side can’t be trusted?

Posted on May 22, 2019 by user3280964

ASP.NET documentation says:

FormsAuthentication.SignOut()

Removes the forms-authentication ticket from the browser

Why is the cookie not invalidated at the server as well? It would be easy to implement. After al… Continue reading Why are ASP.NET form authentication cookies deleted only on client side if client side can’t be trusted?→

PHP code execution attempts on an ASP website

Posted on May 7, 2019 by Mrj

I found multiple PHP code execution attempts on my web server, which is running on asp. What happens when one attempts to execute php code on an asp web server? Will this create an impact on the server, and is there any chanc… Continue reading PHP code execution attempts on an ASP website→

Open Redirect in asp [on hold]

Posted on January 31, 2019 by Tushar

Need to know whether HTTP_HOST in below code comes from user or it is taken from server request itself and not user input

Request.ServerVariables(“HTTP_HOST”)

Continue reading Open Redirect in asp [on hold]→

Get all active ASP.NET Session ID’s as an attacker

Posted on January 20, 2019 by joshkmartinez

When a user logs into my ASP.NET application an ASP.NET_SessionId is assigned to them. This means that, potentially, an attacker could impersonate a user by using their SessionId in requests (sending the id as a cookie).
I kn… Continue reading Get all active ASP.NET Session ID’s as an attacker→

How to convert this .NET cryptography code to openssl command?

Posted on January 15, 2019 by user

how to sign the message with the private key of the signer using openssl command line tool to get the same result as the code below?

using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificate… Continue reading How to convert this .NET cryptography code to openssl command?→