General Information

Execution of Unsigned Dormant Server Controls

Variants:
Direct 

Also Known As:
EodSec

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
ASP.Net, Mono, JSF

Target Type:
Web Application

Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration

Invented In:
15/03/2013

Added In:
04/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Execute dormant events of invisible or disabled server-side web controls by reconstructing the structure of unsigned viewstate and event validation fields


Direct Variant:

Execution of Unsigned Dormant Server Controls

Variant Title:
Execution of Unsigned Dormant Server Controls

Typical Severity:
Major

Learn More: