Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > ASP.Net DropDown Security

Reply
Thread Tools

ASP.Net DropDown Security

 
 
anoop
Guest
Posts: n/a
 
      07-10-2006
Hello,
I have .aspx page which has a dropdown. The Dropdown has 10
values. Now If I say Select 10th Value at client Side , submit the form and
Intercept the Form by using an Intercepting proxy (BURP PROXY). Now if I
change the corresponding passed value of dropdown to an invalid value such as
' or '1'='1 and Press the Forward button of the Interceptor. Now the Result is

The Value of the Dropdown changes to the First Value.
Now :
Initial Value - 10th value of dropdown
Final Value - 1st Value of dropdown

Now How can I validate this value so that If anyone gives invalid value
after Form is submitted from the Client Side by intercepting, The Form
should give one of the result

1. It should give user defined error
2. The Value remain selected as it is.

please help me.

Thank you
 
Reply With Quote
 
 
 
 
Nicole Calinoiu
Guest
Posts: n/a
 
      07-11-2006
Any data you attempt to include in form submissions to help detect changes
of this type will also be spoofable in the same way. Your best protection
against on-the-wire data modifications would be to use HTTPS.


"anoop" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
> I have .aspx page which has a dropdown. The Dropdown has 10
> values. Now If I say Select 10th Value at client Side , submit the form
> and
> Intercept the Form by using an Intercepting proxy (BURP PROXY). Now if I
> change the corresponding passed value of dropdown to an invalid value such
> as
> ' or '1'='1 and Press the Forward button of the Interceptor. Now the
> Result is
>
> The Value of the Dropdown changes to the First Value.
> Now :
> Initial Value - 10th value of dropdown
> Final Value - 1st Value of dropdown
>
> Now How can I validate this value so that If anyone gives invalid value
> after Form is submitted from the Client Side by intercepting, The Form
> should give one of the result
>
> 1. It should give user defined error
> 2. The Value remain selected as it is.
>
> please help me.
>
> Thank you



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
1 Gridview. Dropdown A is column from database, Dropdown B is column from database, Data in A and B must be from same row. anonymoushamster@gmail.com ASP .Net 2 11-07-2007 12:40 PM
ajax cascading dropdown: second dropdown disabled acadam ASP .Net 0 12-27-2006 10:59 AM
bind a dropdown in a column in a datagrid based on the dropdown value selected in another column of the datagrid. vishnu ASP .Net 1 03-25-2006 01:24 PM
Select dropdown box bleeds into Javascript dropdown menu Mike HTML 1 12-18-2003 09:49 PM
Edit Mode - How do I populate dropdown in edittemplate from dropdown in another column? Steve Myers ASP .Net Datagrid Control 2 11-20-2003 01:09 PM



Advertisments