[Owasp-leaders] .Net post back

Larry Conklin larry.conklin at owasp.org
Thu Feb 23 18:14:25 UTC 2017


I am looking for anyone who has attack an web page by faking a post back.
The idea here is on first request of the page user is validated to have
access to page. On post backs the user is already consider to be valid. The
attack would be to fake the web site into thinking the request is a post
back so page doesn't validate user to see if they have access to this page
in the web site. aspx web site using IIS.

Thanks for any feedback.
Larry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170223/bfc4e787/attachment.html>


More information about the OWASP-Leaders mailing list