My website emails me when it raises an exception. I'm getting about 10
emails per day that look similar to this, but in each, the IP address and
port, and the email-looking stuff, are different. Here is an example
below. Any thoughts??? By the way, my firewall doesn't allow activity
from the outside world on these ports, to the web server, and I think the
remote person is connecting to the webpage via a standard http connection
because my error handler is telling me the web pages they're connecting to.
It looks like someone has found a flaw whereby they try to relay mail
through manipulating the viewstate.
Sample:
System.Web.HttpException: Invalid_Viewstate
Client IP: 194.158.xx.xx (I commented out the last digits; IP varies each
time; not mine)
Port: 33282
User-Agent:
ViewState: oney
Content-Type: multipart/alternative;
boundary=81dccccf6d901ae3f383431692835cf7
MIME-Version: 1.0
Subject: said einrich, with
bcc: so*****************@aol.com
This is a multi-part message in MIME format.
--81dccccf6d901ae3f383431347835cf7
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
some text goes here in each one of these where this text looks like some
email body text
--81dccccf6d901ae3f383431347835cf7--
..
Http-Referer: http://www.MyCompanysDomainGoesHere.com/
Path: /Default.aspx. ---> System.FormatException: Invalid character in a
Base-64 string.
   at System.Convert.FromBase64String(String s)
   at System.Web.UI.LosFormatter.Deserialize(String input)
   at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
   --- End of inner exception stack trace ---
   at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
   at System.Web.UI.Page.LoadPageViewState()
   at System.Web.UI.Page.ProcessRequestMain()
HK,
This is not the place to report an attack on your web site.
Read this : http://forums.asp.net/1042237/ShowPost.aspx
Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
Great thread. Good to see I'm not alone and others have the same suspicions
as me that this is something like a SQL Injection attack. Are we going to
learn from Microsoft in 3 months that there has been a big security hole in
the viewstate handler?
Anyone learned more about this?
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:On****************@TK2MSFTNGP11.phx.gbl...
> Read this :
> http://forums.asp.net/1042237/ShowPost.aspx
I disagree. I've helped countless people in this forum before, and the
nature of my post is specific to IIS and ASP.NET's handling of viewstate.
I wasn't posting about some general denial of service attack that has
nothing to do with ASP.NET. If there is a general viewstate flaw, I trust
people in this group want to know, or perhaps they have more information.
"DWS" <DW*@discussions.microsoft.com> wrote in message
news:A9**********************************@microsoft.com...
> HK,
> This is not the place to report an attack on your web site.
re: If there is a general viewstate flaw, I trust people in this group want to know
I sure do...
Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"HK" <re**************@notreal.com> wrote in message
news:Iw******************@tornado.socal.rr.com...
> I disagree. I've helped countless people in this forum before, and the
> nature of my post is specific to IIS and ASP.NET's handling of viewstate.
> I wasn't posting about some general denial of service attack that has
> nothing to do with ASP.NET. If there is a general viewstate flaw, I trust
> people in this group want to know, or perhaps they have more information.
I admit it's odd, I'm watching this message to see if there is a resolution.
Good Luck
--
Terry Burns http://TrainingOn.net
"HK" <re**************@notreal.com> wrote in message
news:Xu******************@tornado.socal.rr.com...
> Great thread. Good to see I'm not alone and others have the same suspicions
> as me that this is something like a SQL Injection attack. Are we going to
> learn from Microsoft in 3 months that there has been a big security hole in
> the viewstate handler?
> Anyone learned more about this?
The issue is being caused because the formatter cannot serialize extremely
small numbers correctly. There is a service hot fix for this but I really do
not recall a link to fix this issue.
You can also see a related article here: http://support.microsoft.com/default...b;en-us;555353
--
Regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forthcoming VSTO.NET - Wrox/Wiley 2006
-------------------------------------------------------
"Terry Burns" <me@mine.com> wrote in message
news:eJ**************@TK2MSFTNGP15.phx.gbl...
> I admit it's odd, I'm watching this message to see if there is a
> resolution.
> Good Luck
> --
> Terry Burns http://TrainingOn.net
That may be true, but I'm getting the errors on pages where people can't
type the type of stuff they are typing. Pages where people aren't being
asked to type anything. And the text always looks like an email.
"Alvin Bruney - ASP.NET MVP" <www.lulu.com/owc> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
> The issue is being caused because the formatter cannot serialize extremely
> small numbers correctly. There is a service hot fix for this but I really do
> not recall a link to fix this issue.
> You can also see a related article here: http://support.microsoft.com/default...b;en-us;555353
> --
> Regards,
> Alvin Bruney [MVP ASP.NET]
So there are two issues here right? One issue is that you do not know the
trigger for these emails and the other is that the CLR cannot handle the
conversion. I can't help you on issue number 1. For issue 2, the stack trace
indicates exactly what the problem is.
> as me that this is something like a SQL Injection attack
Possible. One way to identify intruders is to turn on or view your server
logs. These logs contain valuable information that may be used to determine
the identity of foreign requests.
--
Regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forthcoming VSTO.NET - Wrox/Wiley 2006
-------------------------------------------------------
"HK" <re**************@notreal.com> wrote in message
news:pi*******************@tornado.socal.rr.com...
> That may be true, but I'm getting the errors on pages where people can't
> type the type of stuff they are typing. Pages where people aren't being
> asked to type anything. And the text always looks like an email.
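The ViewState field in HK's report holds e-mail headers (Content-Type, MIME-Version, Subject, bcc) where base64 text should be, which is why LosFormatter.Deserialize fails inside Convert.FromBase64String. As an added example (not code from any poster in this thread), this Python script triages such exception reports in the way Alvin suggests for server logs: it separates posts that carry mail headers from ordinary damaged ViewState and lists the client IP and page for each. The report layout is assumed from HK's sample; the sample reports, the documentation-range addresses and all function names are constructed for illustration.

```python
import base64
import binascii
import re
from collections import Counter

# Header names that belong in an e-mail message, never in a __VIEWSTATE value.
MAIL_HEADER = re.compile(
    r"^\s*(?:content-type|mime-version|content-transfer-encoding|subject|to|cc|bcc)\s*:",
    re.IGNORECASE | re.MULTILINE,
)
# Field names of the exception report (assumption: layout as in the thread's sample).
REPORT_KEYS = ("Client IP", "Port", "User-Agent", "ViewState", "Http-Referer", "Path")


def parse_report(text):
    """Split one exception e-mail into its report fields.

    The submitted ViewState can span many lines, so any line that does not
    start with a known report key is appended to the field being read.
    """
    fields, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in REPORT_KEYS:
            current = key.strip()
            fields[current] = value.strip()
        elif current is not None:
            fields[current] += "\n" + line
    return fields


def is_base64(value):
    """True if the value is strict base64, the only thing the page can deserialize."""
    compact = "".join(value.split())
    if not compact:
        return False
    try:
        base64.b64decode(compact, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def classify(fields):
    """Label a report by what was submitted in the ViewState field."""
    viewstate = fields.get("ViewState", "")
    if is_base64(viewstate):
        return "valid-base64"            # rejected for some other reason
    if MAIL_HEADER.search(viewstate):
        return "mail-headers-in-viewstate"
    return "not-base64"                  # truncated or otherwise damaged


def request_path(fields):
    """Page that was requested, without the exception text that follows it."""
    head = fields.get("Path", "").split(" --->")[0].splitlines()
    return head[0].strip().rstrip(".") if head else ""


def summarize(reports):
    """Count labels and list (client IP, page) for posts carrying mail headers."""
    labels, probes = Counter(), []
    for text in reports:
        fields = parse_report(text)
        label = classify(fields)
        labels[label] += 1
        if label == "mail-headers-in-viewstate":
            probes.append((fields.get("Client IP", "?"), request_path(fields)))
    return labels, probes


# Constructed sample reports (not real traffic); IPs are documentation ranges.
SAMPLE_PROBE = """System.Web.HttpException: Invalid_Viewstate
Client IP: 192.0.2.10
Port: 33282
User-Agent:
ViewState: oney
Content-Type: multipart/alternative;
boundary=0123456789abcdef
MIME-Version: 1.0
Subject: constructed subject
bcc: someone@example.com

This is a multi-part message in MIME format.
Http-Referer: http://www.example.com/
Path: /Default.aspx. ---> System.FormatException: Invalid character in a
Base-64 string.
"""
SAMPLE_DAMAGED = """System.Web.HttpException: Invalid_Viewstate
Client IP: 203.0.113.5
Port: 40100
User-Agent: ExampleBrowser/1.0
ViewState: dDwxMjM0NTY3ODk7Oz4=%%truncated
Http-Referer: http://www.example.com/
Path: /Default.aspx.
"""
SAMPLE_REPORTS = [
    SAMPLE_PROBE,
    SAMPLE_PROBE.replace("192.0.2.10", "198.51.100.7").replace("/Default.aspx", "/Contact.aspx"),
    SAMPLE_DAMAGED,
    SAMPLE_DAMAGED.replace("%%truncated", ""),
]

if __name__ == "__main__":
    labels, probes = summarize(SAMPLE_REPORTS)
    print(dict(labels))
    for ip, path in probes:
        print(ip, path)
```

The first line of the submitted value ("oney") is valid base64 on its own, so the check has to run over the whole multi-line field rather than the first line of the report.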
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Steve Drake |
last post by:
All,
I have a CONTROL that contains 1 control (Control ONE), the 1 control that
it can contain 1 or 2 control (Control A and B).
Control A, raises and event and Control ONE receives this event and this
causes control B to be created, when this is done the VIEWSTATE is lost for
CONTROL B.
In the EVENT that causes CONTROL B to be created I have to set
|
by: neo |
last post by:
hi,
I am studying ASP.NET and have few questions -
1) The session ID and values of controls is stored in VIEWSTATE
variable. So now when we put EnableViewState="false" in Page directive and
disable the session state in Web.Config the VIEWSTATE variable is still
maintained and stores some values. Can anyone tell what those values are
for, i.e what other info is stored in VIEWSTATE other than the session ID
and the control values ?
|
by: John Crowley |
last post by:
I'm having an odd problem with viewstate and a dynamically created control
inside a repeater template.
Basically, I have a repeater setup like this in the aspx:
|
by: Jay Walker |
last post by:
I created a custom DataGridColumn based on Marcie Robillard's MSDN
Article:
Creating Custom Columns for the ASP.NET Datagrid
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/creatingcustomcolumns.asp
The problem I am having is that the data in the custom datagridcolumn
is not saved to viewstate and after postback, the column does not
contain data.
|
by: sourabh |
last post by:
Hi guys
Till now i thougt I understood ViewState but as I was trying write my
LoadViewState method i am sort of confused with what this ViewState is and
what is its use.
I have my LoadViewState method , i was curious to know wheres the state of
Various controls getting set on Post back. So I tried viewing the ViewState
but it doesnot show any controls and their values. I also had to implement
SaveViewstate to have my LoadViewState get...
| |
by: Max |
last post by:
I need an vb.net class that is invoked from aspx page, that use the
viewstate/session object.
This class must be store the information into viewstate/session.
Can you give me an example ?
Thanks
|
by: Mark Broadbent |
last post by:
Been a while since I've touched asp.net but one thing that always seems to
fustrate me is the loss of state on variable declarations. Is there anyway
(i.e. assigning an attribute etc) to instruct the server to remember a
variables state *without* having to go through the rigmarole of saving and
loading to and from the Session state manually or similar workaround for any
Types (including custom types) in exactly the same way web controls...
|
by: Robert |
last post by:
I have an app that was originally 1.1, now migrated to 2.0 and have run into
some sporadic viewstate errors...usually saying the viewstate is invalid,
eventvalidation failed or mac error.
My web config does specify a machinekey setting:
<machineKey
validationKey="447C05E8B3A71401CC4CAE5513A7F1A3494A3618EE819316AAD1D58433F236A759D66FB4154500E01EB4E1BC1DE42046E2D652D391CB8367A1649438867A02EB"...
|
by: Christophe Peillet |
last post by:
I have a CompositeControl with two types of properties:
1.) Mapped Properties that map directly to a child control's properties
(ex.: this.TextboxText = m_txt.Text). These properties are handled by their
underlying classes (such as the TextBox control), and are not persisted by me.
2.) Unique Properties that don't map directly and are persisted in ViewState
(ex.: this.LabelPosition, which specifies where on the form the label should
be...