Execution of Signed Dormant Server Controls via Cache Reuse
Variants:
Direct
Also Known As:
EoDSeC
Vector Type:
Attack
Relevance:
Technology Specific
Layer:
Application-Level
Platforms:
ASP.NET, Mono, JSF
Target Type:
Web Application
Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration
Invented In:
15/03/2013
Added In:
04/12/2014
Vector Operation Method:
Execute dormant events of invisible or disabled server-side web controls in signature-protected locations by reusing signed ViewState and EventValidation fields obtained from a web cache or a user cache.