A new VIEWSTATE attack method on ASP.NET?

HK
My website emails me when it raises an exception. I'm getting about 10
emails per day that look similar to this, but in each, the IP address and
port, and the email-looking stuff, are different. Here is an example
below. Any thoughts??? By the way, my firewall doesn't allow activity
from the outside world on these ports, to the web server, and I think the
remote person is connecting to the webpage via a standard http connection
because my error handler is telling me the web pages they're connecting to.
It looks like someone has found a flaw whereby they try to relay mail
through manipulating the viewstate.

Sample:

System.Web.HttpException: Invalid_Viewstate
Client IP: 194.158.xx.xx (I commented out the last digits; IP varies each
time; not mine)
Port: 33282
User-Agent:
ViewState: oney
Content-Type: multipart/alternative;
boundary=81dccccf6d901ae3f383431692835cf7
MIME-Version: 1.0
Subject: said einrich, with
bcc: so*****************@aol.com

This is a multi-part message in MIME format.

--81dccccf6d901ae3f383431347835cf7
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

some text goes here in each one of these where this text looks like some
email body text
--81dccccf6d901ae3f383431347835cf7--

..

Http-Referer: http://www.MyCompanysDomainGoesHere.com/
Path: /Default.aspx. ---> System.FormatException: Invalid character in a
Base-64 string.
at System.Convert.FromBase64String(String s)
at System.Web.UI.LosFormatter.Deserialize(String input)
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
--- End of inner exception stack trace ---
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadPageViewState()
at System.Web.UI.Page.ProcessRequestMain()
Mar 5 '06 #1
DWS
HK,
This is not the place to report an attack on your web site.

Mar 6 '06 #2
Read this :

http://forums.asp.net/1042237/ShowPost.aspx


Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
asp.net forums, in Spanish : http://asp.net.do/foros/
Mar 6 '06 #3
HK
Great thread. Good to see I'm not alone and others have the same suspicions
as me that this is something like a SQL Injection attack. Are we going to
learn from Microsoft in 3 months that there has been a big security hole in
the viewstate handler?

Anyone learned more about this?
Mar 6 '06 #4
HK
I disagree. I've helped countless people in this forum before, and the
nature of my post is specific to IIS and ASP.NET's handling of viewstate.
I wasn't posting about some general denial of service attack that has
nothing to do with ASP.NET. If there is a general viewstate flaw, I trust
people in this group want to know, or perhaps they have more information.
Mar 6 '06 #5
re:
> If there is a general viewstate flaw, I trust people in this group want to know

I sure do...

Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
asp.net forums, in Spanish : http://asp.net.do/foros/
Mar 6 '06 #6
I admit it's odd, I'm watching this message to see if there is a resolution.

Good Luck

--
Terry Burns
http://TrainingOn.net
Mar 6 '06 #7
The issue is being caused because the formatter cannot serialize extremely
small numbers correctly. There is a service hot fix for this but I really do
not recall a link to fix this issue.

You can also see a related article here:
http://support.microsoft.com/default...b;en-us;555353

--
Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forth-coming VSTO.NET - Wrox/Wiley 2006
Mar 6 '06 #8
HK
That may be true, but I'm getting the errors on pages where people can't
type the type of stuff they are typing. Pages where people aren't being
asked to type anything. And the text always looks like an email.
Mar 6 '06 #9
So there are two issues here right? One issue is that you do not know the
trigger for these emails and the other is that the CLR cannot handle the
conversion. I can't help you on issue number 1. For issue 2, the stack trace
indicates exactly what the problem is.

> as me that this is something like a SQL Injection attack

Possible. One way to identify intruders is to turn on or view your server
logs. These logs contain valuable information that may be used to determine
the identity of foreign requests.

--
Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forth-coming VSTO.NET - Wrox/Wiley 2006
Mar 7 '06 #10
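
A triage sketch for exception reports like the one in the first post, added here as an example and not code from any poster in the thread. It answers the two questions the thread separates: does the posted ViewState decode as Base64 at all, and does it carry mail header lines. The report layout, the function names and the sample reports are assumptions constructed for illustration.

```python
import base64
import re
from collections import Counter

# Header names that should never appear inside a Base64-encoded ViewState value.
MAIL_HEADER = re.compile(
    r"^[ \t]*(bcc|cc|to|from|subject|mime-version|content-type|"
    r"content-transfer-encoding)[ \t]*:",
    re.IGNORECASE | re.MULTILINE,
)

# Assumed report layout, modelled on the sample in the first post: the posted
# value starts at "ViewState:" and runs up to the "Http-Referer:" line.
VIEWSTATE_FIELD = re.compile(
    r"^ViewState:[ \t]*(.*?)(?=^Http-Referer:|\Z)",
    re.DOTALL | re.MULTILINE,
)


def extract_viewstate(report):
    """Return the ViewState value from one exception report, or None."""
    match = VIEWSTATE_FIELD.search(report)
    return match.group(1).strip() if match else None


def decodes_as_base64(value):
    """True if the value is strict Base64 once whitespace is ignored."""
    compact = re.sub(r"\s+", "", value)
    try:
        base64.b64decode(compact, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


def triage(report):
    """Classify one report by what was posted in the ViewState field."""
    value = extract_viewstate(report)
    if value is None:
        return {"verdict": "no-viewstate-field", "headers": []}
    headers = sorted({m.group(1).lower() for m in MAIL_HEADER.finditer(value)})
    if headers:
        verdict = "mail-header-probe"      # mail headers where state should be
    elif not decodes_as_base64(value):
        verdict = "malformed-viewstate"    # damaged or truncated, no mail text
    else:
        verdict = "well-formed"            # decodes; the failure lies elsewhere
    return {"verdict": verdict, "headers": headers}


def summarize(reports):
    """Count verdicts across a batch of reports (e.g. one day's error mails)."""
    return Counter(triage(r)["verdict"] for r in reports)


# Constructed sample reports; addresses and hosts are placeholders.
PROBE_REPORT = """System.Web.HttpException: Invalid_Viewstate
Client IP: 192.0.2.10
Port: 33282
User-Agent:
ViewState: oney
Content-Type: multipart/alternative;
 boundary=0123456789abcdef
MIME-Version: 1.0
Subject: constructed subject
bcc: recipient@example.invalid

This is a multi-part message in MIME format.
Http-Referer: http://www.example.com/
Path: /Default.aspx
"""

TRUNCATED_REPORT = """System.Web.HttpException: Invalid_Viewstate
Client IP: 192.0.2.11
ViewState: dDwtMTIzNDU2Nzg5O
Http-Referer: http://www.example.com/
Path: /Default.aspx
"""

CLEAN_REPORT = """System.Web.HttpException: Invalid_Viewstate
Client IP: 192.0.2.12
ViewState: dDwtMTIzNDU2Nzg5Ozs+
Http-Referer: http://www.example.com/
Path: /Default.aspx
"""

if __name__ == "__main__":
    for name, report in [("probe", PROBE_REPORT),
                         ("truncated", TRUNCATED_REPORT),
                         ("clean", CLEAN_REPORT)]:
        print(name, triage(report))
    print(summarize([PROBE_REPORT, TRUNCATED_REPORT, CLEAN_REPORT]))
```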
