GitBook: [master] 4 pages modified

CPol 2021-04-04 23:45:18 +00:00 committed by gitbook-bot
parent bbf817f42f
commit 6e4a4bd434
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
4 changed files with 5 additions and 5 deletions

@ -330,8 +330,8 @@
* [Basic Java Deserialization \(ObjectInputStream, readObject\)](pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md)
* [CommonsCollection1 Payload - Java Transformers to Rutime exec\(\) and Thread Sleep](pentesting-web/deserialization/java-transformers-to-rutime-exec-payload.md)
* [Basic .Net deserialization \(ObjectDataProvider gadget, ExpandedWrapper, and Json.Net\)](pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md)
* [Exploiting \_\_VIEWSTATE knowing the secret](pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md)
* [Exploiting \_\_VIEWSTATE without knowing the secret](pentesting-web/deserialization/exploiting-__viewstate-parameter.md)
* [Exploiting \_\_VIEWSTATE knowing the secrets](pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md)
* [Exploiting \_\_VIEWSTATE without knowing the secrets](pentesting-web/deserialization/exploiting-__viewstate-parameter.md)
* [Domain/Subdomain takeover](pentesting-web/domain-subdomain-takeover.md)
* [Email Header Injection](pentesting-web/email-header-injection.md)
* [File Inclusion/Path traversal](pentesting-web/file-inclusion/README.md)
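
Review bot: The two retitled ViewState entries now say "secrets", but they still link to `exploiting-__viewstate-knowing-the-secret.md` and `exploiting-__viewstate-parameter.md`, so titles and file names no longer agree. Either keep the file names on purpose so existing links keep working and say so in the commit message, or rename the files and update every link to them in the same change. The neighbouring context entry also has "Rutime" in both its title and its file name, which is worth a follow-up fix.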

@ -612,7 +612,7 @@ Therefore the **`--test`** parameter allows us to understand **which chunks of c
### ViewState
Take a look to [this POST about **how to try to exploit the \_\_ViewState parameter of .Net** ](exploiting-__viewstate-parameter.md)to **execute arbitrary code**.
Take a look to [this POST about **how to try to exploit the \_\_ViewState parameter of .Net** ](exploiting-__viewstate-parameter.md)to **execute arbitrary code.** If you **already know the secrets** used by the victim machine, ****[**read this post to know to execute code**](exploiting-__viewstate-knowing-the-secret.md)**.**
### **Prevention**
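
Review bot: In the rewritten ViewState paragraph, the `****` in front of the second link is an empty bold pair with no content, and the link text "read this post to know to execute code" is missing "how". Suggest dropping the `****` and the bold around the final period, and wording the link as "read this post to know how to execute code". While the line is being touched, "Take a look to" reads better as "Take a look at".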

@ -1,4 +1,4 @@
# Exploiting \_\_VIEWSTATE knowing the secret
# Exploiting \_\_VIEWSTATE knowing the secrets
**The content of this post was extracted from** [**https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/**](https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)\*\*\*\*
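
Review bot: The attribution line directly under the renamed H1 still ends in `\*\*\*\*`, four escaped asterisks trailing the source link that emphasise nothing. Since this file is being edited anyway, remove them so the line ends at the closing parenthesis of the URL.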

@ -1,4 +1,4 @@
# Exploiting \_\_VIEWSTATE without knowing the secret
# Exploiting \_\_VIEWSTATE without knowing the secrets
## What is ViewState