Blog

cyber security companies | penetration testing brisbane | managed security service provider | cyber security consultant
April 1, 2020

Exploiting ASP.NET ViewState Misconfigurations for Remote Code Execution

This post explores how an ASP.NET project incorrectly disclosing its web.config containing static keys allows for remote code execution. The common cases for exploiting this vulnerability would be if the web application has published it’s static machine keys to GitHub, such as with the example project for this post (https://github.com/ozajay0207/EGVC) or if the application has… Continue reading Exploiting ASP.NET ViewState Misconfigurations for Remote Code Execution

Read More