General Information

Unsigned Server Side Control Property Injection

Variants:
Direct 

Also Known As:
EoDSeC

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
ASP.Net, Mono, JSF

Target Type:
Web Application

Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration

Invented In:
15/03/2013

Added In:
04/12/2014


Vector Operation Method:
Malicious unsigned viewstate inputs can update, add or override server-side control properties


Direct Variant:

Unsigned Server Control Property Injection

Variant Title:
Unsigned Server Control Property Injection

Typical Severity:
Major

Learn More: