Y
Hacker News
new
|
ask
|
show
|
jobs
by
sebazzz
2309 days ago
I'm suprised this attack is even possible. Disabling of the viewstate MAC validation is disallowed, since a while [1]. However, MAC validation is apparently circumvented because the ViewStateUserKey is known.
[1]:
https://devblogs.microsoft.com/aspnet/farewell-enableviewsta...