Unsigned Server Side Control Property Injection
Variants:
Direct
Also Known As:
EoDSeC
Vector Type:
Attack
Relevance:
Technology Specific
Layer:
Application-Level
Platforms:
ASP.Net, Mono, JSF
Target Type:
Web Application
Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration
Invented In:
15/03/2013
Added In:
04/12/2014
Vector Operation Method:
Malicious unsigned viewstate inputs can update, add or override server-side control properties
