ASP.NET °²È«ÈÏÖ¤
ASP.NET °²È«ÈÏÖ¤£¨Ò»£©—— ÈçºÎÔËÓà Form ±íµ¥ÈÏÖ¤
ASP.NET °²È«ÈÏÖ¤£¨¶þ£©——Áé»îÔËÓà Form ±íµ¥ÈÏÖ¤ÖÐµÄ deny Óë allow ¼°±£»¤ .htm µÈÎļþ
ASP.NET °²È«ÈÏÖ¤£¨Èý£© ——ÓÃForm ±íµ¥ÈÏ֤ʵÏÖµ¥µãµÇ¼£¨Single Sign On£©
ASP.NET °²È«ÈÏÖ¤£¨ËÄ£©Form ÈÏÖ¤µÄ²¹³ä
Ïà¹ØÎĵµ£º
Trustwave's SpiderLabs Security Advisory TWSL2010-001:
Multiplatform View State Tampering Vulnerabilities
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frame ......
using System;
using System.ComponentModel;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace ZZZ.WebControls
{
[DefaultProperty("Text"), ToolboxData("<{0}:PageNavigate runat=\"server\" />")]
public class PageNavigate : WebControl, IPostBackEventHandler
{
......
WebÒ³ÃæÊÇÎÞ״̬µÄ£¬ ·þÎñÆ÷¶Ôÿһ´ÎÇëÇó¶¼ÈÏΪÀ´×Ô²»Í¬Óû§£¬Òò´Ë£¬±äÁ¿µÄ״̬ÔÚÁ¬Ðø¶ÔͬһҳÃæµÄ¶à´ÎÇëÇóÖ®¼ä»òÔÚÒ³ÃæÌøתʱ²»»á±»±£Áô¡£ÔÚÓÃASP.NET Éè¼Æ¿ª·¢Ò»¸öWebϵͳʱ£¬ Óöµ½Ò»¸öÖØÒªµÄÎÊÌâÊÇÈçºÎ±£Ö¤Êý¾ÝÔÚÒ³Ãæ¼ä½øÐÐÕýÈ·¡¢°²È«ºÍ¸ßЧµØ´«ËÍ£¬Asp.net ÌṩÁË״̬¹ÜÀíµÈ¶àÖÖ¼¼ÊõÀ´½â¾ö±£´æºÍ´« ......
ASP.NETÖÐʹÓÃweb.configÅäÖÃÊý¾Ý¿âÁ¬½Ó
ÔÚweb.configÎļþÖб£´æÊý¾Ý¿âÁ¬½ÓÅäÖÃÐÅÏ¢,¿ÉÒÔÈÃÄãÎÞÐëÖØбàÒëÓ¦ÓóÌÐò¼´¿É¸üÐÂÓ¦ÓóÌÐòµÄijЩÊôÐÔ¡£µ±ÄãÏë°ÑÊý¾Ý¿âǨÒƵ½ÁíÒ»¸ö²»Í¬µÄ·þÎñÆ÷£¬ÄãÖ»ÐèÒªÐÞ¸Äweb.configÎļþÖеÄÊý¾Ý¿âÁ¬½ÓÅäÖÃÐÅÏ¢¶øÒÑ£¬²¢²»ÐèÒªÖØбàÒëºÍÖØв¿ÊðÕâ¸öÓ¦ÓóÌÐòÒÔÊÊӦеķþÎñÆ÷µÄÒ ......
vs2005 ûÓÐASP.NET WEBÓ¦ÓóÌÐò£¨Application£©µÄ½â¾ö·½°¸
vs2005 sp1ÏÂÔصØÖ·
2009-02-21 09:08
VS80sp1-KB926604-X86-CHS.exe
WebApplicationProjectSetup.msi
Ïà¹ØÎÄÕÂ:
×î½ü°ïͬÊ°²×°ÁËVs2005ºÍsp1,·¢ÏÖ¸ù±¾´ò²»¿ªÔÀ´µÄ³ÌÐò£¬Ð½¨ÏîÄ¿ÖÐûÓÐASP.NET WEBÓ¦ÓóÌÐò,ͬʵÄϵͳÊÇwindows 2003,¶øÔÚwi ......