~mkw

Average guy, above average luck...the blog of M. Keith Warren

ALERT: ASP.NET Hack Attempt

I wanted to toss this out there in case there is some new or as of yet unpatched vulnerability. This morning I had an unusual string of errors whereas someone began trying to supplant the VIEWSTATE into the URL and in turn causing an error.

Like I said, I don't know if this is anything significant but my guess is that someone was trying to get a raw error output instead of the error page.

http://yourwebsite/somepage.aspx?__VIEWSTATE=IAMAHACKERTRYINGTOSCREWYOU

If anyone knows anything about this sort of thing, let me know.

Comments

rajbk said:


Make sure you have EnableViewStateMAC turned on and you should be ok.
# May 16, 2004 1:09 PM

rajbk said:

What I meant to say was:

Make sure you have EnableViewStateMAC turned on especially on your login page and you should be ok.
# May 16, 2004 1:54 PM

M. Keith Warren said:

It is turned on, thanks though.
# May 16, 2004 1:59 PM

stefan demetz said:

write a small httphandler to limit querystring to say 20 chars or whatever your max is ...
if that happens redirect to a page where you do a whois, log ip and nic card
if it persists block their IP subnet address
on iis/your firewall or with IPSEC
that will do !!
# May 16, 2004 5:28 PM

M. Keith Warren said:

I am defeating the attack just fine, and have blocked the originating site which is at a University in Iran; I just wanted to let people know that something of this nature was out there and to be on the lookout.
# May 16, 2004 6:00 PM
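
For anyone wanting to check their own logs for the probe described in the post, and for the over-long query strings mentioned in the comments, here is an added detection example (not code from the post or from any commenter). It scans IIS W3C extended log text for GET requests that carry a `__VIEWSTATE` parameter in the query string or exceed a length ceiling, grouped by client IP; the sample log lines, the `MAX_QUERY_LEN` value and the function name are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format (addresses are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-05-16 09:01:10 192.0.2.10 GET /default.aspx - 200
2004-05-16 09:01:12 198.51.100.7 GET /somepage.aspx __VIEWSTATE=IAMAHACKERTRYINGTOSCREWYOU 500
2004-05-16 09:01:15 198.51.100.7 GET /login.aspx __viewstate=AAAA&x=1 500
2004-05-16 09:02:00 192.0.2.10 POST /login.aspx - 302
2004-05-16 09:02:30 203.0.113.5 GET /search.aspx q=viewstate+tutorial 200
"""

MAX_QUERY_LEN = 64  # assumed site-specific ceiling; tune to your longest legitimate query


def find_viewstate_probes(log_text, max_query_len=MAX_QUERY_LEN):
    """Return {client_ip: [(stem, reason, status), ...]} for suspicious GET requests."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                       # skip truncated or malformed rows
        row = dict(zip(fields, parts))
        query = row.get("cs-uri-query", "-")
        if row.get("cs-method") != "GET" or query == "-":
            continue
        # Match on parameter names so "q=viewstate+tutorial" is not flagged.
        names = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        reasons = []
        if "__viewstate" in names:
            reasons.append("viewstate-in-url")
        if len(query) > max_query_len:
            reasons.append("long-query")
        for reason in reasons:
            hits[row["c-ip"]].append((row["cs-uri-stem"], reason, row.get("sc-status", "-")))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_viewstate_probes(SAMPLE_LOG).items():
        print(ip, events)
```

A run of 500 responses alongside `viewstate-in-url` hits from one address matches the pattern of errors described in the post.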


Raf Sistemleri said:

I took an error message. This error is like 'Machine key...'

# December 15, 2008 11:05 AM

sami said:

With ASP.NET you will always be hacked. Go with Java and you will be secure.

# April 14, 2011 6:41 PM
