ASP.NET¶ÁÈ¡ASPÉèÖõÄCookie
ÕâÀàÎÊÌâͨ³£ÔÚÕûºÏ»ò¶þ´Î¿ª·¢ASPÍøվʱÓöµ½¡£°´³£ÀíÀ´Ëµ£¬ä¯ÀÀÆ÷µÄCookie´æ·ÅÔÚ¿Í»§¶Ë£¬Êµ¼ÊÉÏÓë·þÎñ¶ËʹÓÃʲôÓïÑÔÎ޹أ¬µ«ÎÒÃÇÔÚʵ¼Ê²Ù×÷¹ý³ÌÖУ¬×Ü»áÓöµ½Ò»Ð©ÒâÏë²»µ½µÄÎÊÌâ¡£
1. µ±ASPдµÄCookieµÄKeyÖдøÓÐÏ»®Ïߣ¬ÀýÈçÎÒÃÇÔÚASPÖÐÕâÑùÉèÖÃCookie:
Response.Cookies("Admin_User")="¹ÜÀíÔ±";
ÄÇôÔÚaspx.csµÄÒ³Ã棬ʹÓÃRequest.Cookie["Admin_User"] £¬ÊÇÔõô¶¼¶Á²»µ½µÄ¡£ÔÚÕâÀïÎÒдÁËÒ»¸öÑ»·£¬½«µ±Ç°cookieµÄËùÓÐNameÓëValue¶¼Êä³öÁËÒ»±é£¬·¢ÏÖÏ»®Ïß“_”ÒѾתÒå³ÉÁË“%5F”£¬¶øʹÓÃRequest.Cookie["Admin%5FUser"] ¾Í¿ÉÒԵõ½ÎÒÃÇÏëÒªµÄ“¹ÜÀíÔ±”ÁË¡£
Óöµ½ÀàËÆÎÊÌâµÄÅóÓÑ£¬²»·Á×öÕâÑùµÄ³¢ÊÔ¡£
2. »¹ÐèҪעÒâÖÐÎÄÂÒÂëµÄÎÊÌ⣬²»¹ÜÎÒ½«×Ö·û¼¯ÉèÖÃΪGB2312£¬»¹ÊÇGBK£¬ÉõÖÁÊÇUTF-8¶¼Ã»·¨»ñµÃÕýÈ·µÄÖÐÎÄ£¬Êµ¼ÊÉÏÎÊÌâ³öÔÚASPÄDZߣ¬ASPÒ³ÃæÏÔʾ¼òÌåÖÐÎÄʱ£¬ÐèÒªÉèÖÓ´úÂëÒ³”£¨Ëü¿É¶Áд£¬ÕûÐÍÊý£¬ÓÃÓÚ±íʾÏÔʾҳÄÚÈݵÄ×Ö·û¼¯£¬¼òÌåÖÐÎÄΪ936£¬ÈÕÎÄΪ932£¬ANSIΪ1252£©¡£
string cookie = System.Web.HttpUtility.UrlDecode(Request.Cookies["Admin%5FUser"].Value, System.Text.Encoding.GetEncoding(936));
ʹÓÃÒÔÉϵķ½Ê½£¬±ã¿ÉÒÔ»ñÈ¡°üº¬ÖÐÎĵÄCookieÁË¡£
Ïà¹ØÎĵµ£º
ASP.NET´úÂëÓÅ»¯Ò»¡¢Ò³ÃæºÍ·þÎñÆ÷¿Ø¼þ´¦Àí
1¡¢ASP.NET´úÂëÓÅ»¯±ÜÃâµ½·þÎñÆ÷µÄ²»±ØÒªµÄÍù·µÐгÌ
ÔÚijЩÇé¿öϲ»±ØʹÓà ASP.NET ·þÎñÆ÷¿Ø¼þºÍÖ´Ðлط¢Ê¼þ´¦Àí¡£ÀýÈ磬ÔÚ ASP.NET ÍøÒ³ÖÐÑéÖ¤Óû§ÊäÈë¾³£¿ÉÔÚÊý¾ÝÌá½»µ½·þÎñÆ÷֮ǰÔÚ¿Í»§¶Ë½øÐС£Í¨³££¬Èç¹û²»ÐèÒª½«ÐÅÏ¢´«µÝµ½·þÎñÆ÷ÒÔ½øÐÐÑéÖ¤»ò½«ÆäдÈëÊý¾Ý´æ´¢Çø£¬Çë±ÜÃâÊ ......
Trustwave's SpiderLabs Security Advisory TWSL2010-001:
Multiplatform View State Tampering Vulnerabilities
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frame ......
ÔÚʹÓÃasp.net±àдwebserviceʱ£¬Ä¬ÈÏÇé¿öÏÂÊDz»Ö§³ÖsessionµÄ£¬µ«ÎÒÃÇ¿ÉÒÔ°ÑWebMethodµÄEnableSessionÑ¡ÏîÉèΪtrueÀ´ÏÔʽµÄ´ò¿ªËü£¬Çë¿´ÒÔÏÂÀý×Ó£º
1 н¨ÍøÕ¾WebSite
2 н¨web·þÎñWebService.asmx£¬Ëü¾ßÓÐÒÔÏÂÁ½¸ö·½·¨£º
C#-Code:
[WebMethod(EnableSession = true)]
public string Login( ......
½øÈ¥º®¼Ù£¬ÓÉÓÚÒ»¸ö»ë»ëججµÄѧÆÚ½áÊøÁË£¬²»ÏëÁî×Ô¼º¼ÌÐø³ÁÄçÔÚÄÇ»èÌìºÚµØÖ®ÖУ¬ÓÚÊÇÈ¥Library½èÁËÒ»±¾ºÜºñºÜÖصÄC# ASP.NETµÄÊ飬¸½¹âÅÌ¡£ÓÐȤµÄ£¬ÎÒÓÃÀúÀ´Ñ§Ï°¿Î±¾ÖªÊ¶µÄ·ÅѧѧϰC#ºÍÊìϤVS»·¾³£¬»¹×öÁ˲»ÉÙ¶ÁÊé±Ê¼Ç£¬°¥£¬ÕæµÄûÄǸö±ØÒª°¡£¬²»¹ý¿´ÁË1-2ÖÜÖ®ºó£¬¶ÔÓÚ·þÎñÆ÷¶Ë¿Ø¼þµÄÈ·ÊÇÊìϤ²»ÉÙ£¬¶ÔÓڱ߽߱ŽŵÄһЩҳÃæ ......
±¾ÎĽéÉܵÄÕâ¸ö¹¦ÄÜÊÇ£º½ûÓÃÒ³Ã滺´æµÄ½â¾ö·½·¨£¬ÊÊÓÃÓÚIEºÍFireFoxä¯ÀÀÆ÷Ï£¬ÔÚweb¿ª·¢ÖкÏÀíʹÓûº´æ¿ÉÒÔÓÐЧµÄÌá¸ßÍøÕ¾µÄÐÔÄÜ£¬µ«ÊÇÔÚijЩ³¡ºÏÏÂÒòΪ»º´æµÄ´æÔÚ»á´øÀ´ºÜ¶àµÄÎÊÌâ¡£ÀýÈ磺ÒòΪ»º´æµÄ´æÔÚ»áÔì³ÉÖظ´Ìá½»Êý¾ÝµÄÎÊÌ⣬ÑéÖ¤ÂëͼƬ²»ÄÜÕýÈ·ÏÔʾµÄÎÊÌ⣬µÈµÈ¡£Õâ¸öʱºòÎÒÃǾÍÒª½ûÓÃÒ³Ã滺´æµÄ¹¦ÄÜ¡£&nbs ......
