ASP.Net DropDown Security

Discussion in 'ASP .Net Security' started by anoop, Jul 10, 2006.

  1. anoop

    anoop Guest

    Hello,
    I have .aspx page which has a dropdown. The Dropdown has 10
    values. Now If I say Select 10th Value at client Side , submit the form and
    Intercept the Form by using an Intercepting proxy (BURP PROXY). Now if I
    change the corresponding passed value of dropdown to an invalid value such as
    ' or '1'='1 and Press the Forward button of the Interceptor. Now the Result is

    The Value of the Dropdown changes to the First Value.
    Now :
    Initial Value - 10th value of dropdown
    Final Value - 1st Value of dropdown

    Now How can I validate this value so that If anyone gives invalid value
    after Form is submitted from the Client Side by intercepting, The Form
    should give one of the result

    1. It should give user defined error
    2. The Value remain selected as it is.

    please help me.

    Thank you
     
    anoop, Jul 10, 2006
    #1
    1. Advertising

  2. Any data you attempt to include in form submissions to help detect changes
    of this type will also be spoofable in the same way. Your best protection
    against on-the-wire data modifications would be to use HTTPS.


    "anoop" <> wrote in message
    news:...
    > Hello,
    > I have .aspx page which has a dropdown. The Dropdown has 10
    > values. Now If I say Select 10th Value at client Side , submit the form
    > and
    > Intercept the Form by using an Intercepting proxy (BURP PROXY). Now if I
    > change the corresponding passed value of dropdown to an invalid value such
    > as
    > ' or '1'='1 and Press the Forward button of the Interceptor. Now the
    > Result is
    >
    > The Value of the Dropdown changes to the First Value.
    > Now :
    > Initial Value - 10th value of dropdown
    > Final Value - 1st Value of dropdown
    >
    > Now How can I validate this value so that If anyone gives invalid value
    > after Form is submitted from the Client Side by intercepting, The Form
    > should give one of the result
    >
    > 1. It should give user defined error
    > 2. The Value remain selected as it is.
    >
    > please help me.
    >
    > Thank you
     
    Nicole Calinoiu, Jul 11, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. vishnu
    Replies:
    1
    Views:
    1,230
    Patrick.O.Ige
    Mar 25, 2006
  2. Mike
    Replies:
    1
    Views:
    824
  3. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    163
    Dinis Cruz
    Oct 11, 2003
  4. Michael Randrup
    Replies:
    3
    Views:
    316
    Henning Krause [MVP]
    Mar 27, 2006
  5. Kursat
    Replies:
    1
    Views:
    331
    Dominick Baier
    May 7, 2007
Loading...

Share This Page