Execution of Unvalidated Dormant Server Controls
Variants:
Direct
Also Known As:
EodSec
Vector Type:
Attack
Relevance:
Technology Specific
Layer:
Application-Level
Platforms:
ASP.Net, Mono, JSF
Target Type:
Web Application
Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration
Invented In:
15/03/2013
Added In:
04/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Execute dormant events of invisible or disabled server-side web controls by sending the control name hidden parameter and abusing the lack of event validation restrictions.
