Security vulnerability created by ASP.NET MVC ModelBinder
As asked in detail at "Can you spot the security implications/vulnerability of a small change to an ASP.NET MVC 3.0+ model binder?", one of the versions of the CartModelBinder class (shown below) allows exploitation via the MVC model binding vulnerability (also called overposting).
Can you spot the one?
Ideally you should provide your answer/results/proof using unit tests :)
Version 1: using DefaultModelBinder and CreateModel

    public class CartModelBinder : DefaultModelBinder
    {
        private const string sessionKey = "cart";

        protected override object CreateModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Type modelType)
        {
            // Get the cart from the session
            Cart cart = (Cart)controllerContext.HttpContext.Session[sessionKey];
            // Create the cart if there wasn't one in the session data
            if (cart == null)
            {
                cart = new Cart();
                controllerContext.HttpContext.Session[sessionKey] = cart;
            }
            // Return the cart
            return cart;
        }
    }

Version 2: using IModelBinder and BindModel

    public class CartModelBinder : IModelBinder
    {
        private const string sessionKey = "cart";

        public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
        {
            // Get the cart from the session
            Cart cart = (Cart)controllerContext.HttpContext.Session[sessionKey];
            // Create the cart if there wasn't one in the session data
            if (cart == null)
            {
                cart = new Cart();
                controllerContext.HttpContext.Session[sessionKey] = cart;
            }
            // Return the cart
            return cart;
        }
    }

Controller example:

    public RedirectToRouteResult AddToCart(Cart cart, int productId, string returnUrl)
    {
        Product product = repository.Products
            .FirstOrDefault(p => p.ProductID == productId);
        if (product != null)
        {
            cart.AddItem(product, 1);
        }
        return RedirectToAction("Index", new { returnUrl });
    }
Your current design can be misused, as you suggested. A better solution is to get the cart and use that instance.

    public class CartController : Controller
    {
        private IProductRepository repository;
        private IOrderProcessor orderProcessor;
        private Cart cart;

        public CartController(IProductRepository repo, IOrderProcessor proc)
        {
            repository = repo;
            orderProcessor = proc;
            cart = (Cart)Session["cart"]; // or Cart.Current
        }

        public RedirectToRouteResult AddToCart(int productId, string returnUrl)
        {
            Product product = repository.Products
                .FirstOrDefault(p => p.ProductID == productId);
            if (product != null)
            {
                cart.AddItem(product, 1);
            }
            return RedirectToAction("Index", new { returnUrl });
        }
    }
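The unit-test proof the question asks for, as an added example (not code from the original post or its answer). Version 1 is the one open to overposting: DefaultModelBinder.BindModel calls CreateModel and then goes on to bind request values onto the properties of the object it returns, here the session cart, while Version 2 returns the session cart untouched. Assumptions: Cart has a settable DiscountPercent property (hypothetical, the page does not show Cart), the two binders are renamed CartBinderV1 and CartBinderV2 so they can coexist, and the project references System.Web.Mvc and MSTest.

```csharp
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.Web;
using System.Web.Mvc;
using Microsoft.VisualStudio.TestTools.UnitTesting;

public class Cart { public int DiscountPercent { get; set; } }  // hypothetical shape

static class SessionCart {  // the session lookup both versions on the page share
    public static Cart Get(ControllerContext c) {
        var cart = (Cart)c.HttpContext.Session["cart"];
        if (cart == null) c.HttpContext.Session["cart"] = cart = new Cart();
        return cart;
    }
}
public class CartBinderV1 : DefaultModelBinder {  // Version 1, renamed for the test
    protected override object CreateModel(ControllerContext c, ModelBindingContext b, System.Type t) { return SessionCart.Get(c); }
}
public class CartBinderV2 : IModelBinder {  // Version 2, renamed for the test
    public object BindModel(ControllerContext c, ModelBindingContext b) { return SessionCart.Get(c); }
}

class FakeSession : HttpSessionStateBase {  // minimal in-memory fakes, no mocking library
    readonly Dictionary<string, object> items = new Dictionary<string, object>();
    public override object this[string name] {
        get { object v; items.TryGetValue(name, out v); return v; }
        set { items[name] = value; }
    }
}
class FakeHttpContext : HttpContextBase {
    readonly HttpSessionStateBase session = new FakeSession();
    public override HttpSessionStateBase Session { get { return session; } }
}

[TestClass]
public class CartBinderOverpostingTests {
    static Cart Bind(IModelBinder binder) {
        // Constructed form post: a field named after a Cart property, which AddToCart never asks for.
        var form = new NameValueCollection { { "DiscountPercent", "100" } };
        var ctx = new ControllerContext { HttpContext = new FakeHttpContext() };
        var binding = new ModelBindingContext {
            ModelName = "cart", FallbackToEmptyPrefix = true,
            ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(null, typeof(Cart)),
            ValueProvider = new NameValueCollectionValueProvider(form, CultureInfo.InvariantCulture)
        };
        return (Cart)binder.BindModel(ctx, binding);
    }
    [TestMethod] public void V1_CopiesPostedFieldOntoSessionCart() { Assert.AreEqual(100, Bind(new CartBinderV1()).DiscountPercent); }
    [TestMethod] public void V2_IgnoresPostedField() { Assert.AreEqual(0, Bind(new CartBinderV2()).DiscountPercent); }
}
```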