General Information

Execution of Unvalidated Dormant Server Controls

Variants:
Direct 

Also Known As:
EodSec

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
ASP.NET, Mono, JSF

Target Type:
Web Application

Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration

Invented In:
15/03/2013

Added In:
04/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Trigger the dormant events of invisible or disabled server-side web controls by sending the hidden parameter that carries the control name, abusing the lack of event validation restrictions.


Direct Variant:

Variant Title:
Execution of Unvalidated Dormant Server Controls

Typical Severity:
Major
