From e8f19acfe92749fe803fc8a6e7cf064c7b0a2154 Mon Sep 17 00:00:00 2001 From: carlospolop Date: Wed, 20 Aug 2025 10:56:12 +0200 Subject: [PATCH] f --- .../deserialization/exploiting-__viewstate-parameter.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md index 1d2efe9e0..6aa114c8f 100644 --- a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md +++ b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md @@ -249,9 +249,7 @@ ysoserial.exe -p ViewState -g TypeConfuseDelegate -c "whoami" \ --generator= --minify ``` -Rotating static keys or switching to *AutoGenerate* keys in Web .config (``) mitigates this class of attacks. {{#ref}} - -{{#endref}} +Rotating static keys or switching to *AutoGenerate* keys in Web .config (``) mitigates this class of attacks. ### CVE-2025-30406 – Gladinet CentreStack / Triofox hard-coded keys Kudelski Security uncovered that multiple CentreStack / Triofox releases shipped with identical `machineKey` values, enabling unauthenticated remote code execution through ViewState forgery (CVE-2025-30406).
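Review bot: The re-added line still carries an empty inline code span in "Web .config (``)", so the sentence tells the reader to switch to *AutoGenerate* keys without showing which setting to change. Fill the span with the `machineKey` element that the following CVE-2025-30406 section refers to, and write the filename as `web.config` rather than "Web .config". Removing the empty `{{#ref}}` / `{{#endref}}` pair is reasonable since it wrapped no link, but the one-letter subject "f" leaves no record of why; a subject naming the removed empty ref block would keep the history searchable. While touching this hunk, the context line `--generator= --minify` also shows an empty value for the generator argument, which looks like a stripped placeholder and deserves the same fix.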