Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   ASP.Net DropDown Security (http://www.velocityreviews.com/forums/t768772-asp-net-dropdown-security.html)

anoop 07-10-2006 10:33 AM

ASP.Net DropDown Security
 
Hello,
I have .aspx page which has a dropdown. The Dropdown has 10
values. Now If I say Select 10th Value at client Side , submit the form and
Intercept the Form by using an Intercepting proxy (BURP PROXY). Now if I
change the corresponding passed value of dropdown to an invalid value such as
' or '1'='1 and Press the Forward button of the Interceptor. Now the Result is

The Value of the Dropdown changes to the First Value.
Now :
Initial Value - 10th value of dropdown
Final Value - 1st Value of dropdown

Now How can I validate this value so that If anyone gives invalid value
after Form is submitted from the Client Side by intercepting, The Form
should give one of the result

1. It should give user defined error
2. The Value remain selected as it is.

please help me.

Thank you

Nicole Calinoiu 07-11-2006 12:30 PM

Re: ASP.Net DropDown Security
 
Any data you attempt to include in form submissions to help detect changes
of this type will also be spoofable in the same way. Your best protection
against on-the-wire data modifications would be to use HTTPS.


"anoop" <anoop@discussions.microsoft.com> wrote in message
news:B40A5C90-E5AB-4091-B7DE-012142AA99D7@microsoft.com...
> Hello,
> I have .aspx page which has a dropdown. The Dropdown has 10
> values. Now If I say Select 10th Value at client Side , submit the form
> and
> Intercept the Form by using an Intercepting proxy (BURP PROXY). Now if I
> change the corresponding passed value of dropdown to an invalid value such
> as
> ' or '1'='1 and Press the Forward button of the Interceptor. Now the
> Result is
>
> The Value of the Dropdown changes to the First Value.
> Now :
> Initial Value - 10th value of dropdown
> Final Value - 1st Value of dropdown
>
> Now How can I validate this value so that If anyone gives invalid value
> after Form is submitted from the Client Side by intercepting, The Form
> should give one of the result
>
> 1. It should give user defined error
> 2. The Value remain selected as it is.
>
> please help me.
>
> Thank you





All times are GMT. The time now is 11:10 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.