carlospolop 2025-08-20 10:56:12 +02:00
parent 22bea233ef
commit e8f19acfe9


@ -249,9 +249,7 @@ ysoserial.exe -p ViewState -g TypeConfuseDelegate -c "whoami" \
--generator=<VIEWSTATEGEN> --minify
```
Rotating static keys or switching to *AutoGenerate* keys in Web .config (`<machineKey ... validationKey="AutoGenerate" decryptionKey="AutoGenerate" />`) mitigates this class of attacks. {{#ref}}
{{#endref}}
Rotating static keys or switching to *AutoGenerate* keys in Web .config (`<machineKey ... validationKey="AutoGenerate" decryptionKey="AutoGenerate" />`) mitigates this class of attacks.
### CVE-2025-30406 Gladinet CentreStack / Triofox hard-coded keys
Kudelski Security uncovered that multiple CentreStack / Triofox releases shipped with identical `machineKey` values, enabling unauthenticated remote code execution through ViewState forgery (CVE-2025-30406).
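Review bot: "Web .config" in the kept mitigation sentence has a stray space and should read `Web.config`; this hunk already rewrites that line to drop the empty `{{#ref}}`/`{{#endref}}` pair, so fix it in the same change. The sentence also presents rotating static keys and switching to AutoGenerate as equivalent, while the CVE-2025-30406 section right after it is about `machineKey` values shipped identically across releases. Consider stating that a rotated key has to be unique per installation, since rotating to another shared value leaves the same exposure.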