• RegularExpressionValidator Verifies user data against a developer-supplied
regular expression.
• CompareValidator Compares values entered by the user to data in another
control or to a developer-supplied constant value.
• RangeValidator Validates that user data is within a specified range. Can be
used with many types such as Date or Integer.
• CustomValidator Provides a mechanism for developers to write their own
custom validators. The CustomValidator can be used for more complex
validation; for example, validation that checks business logic rules.
Each of these validators has two parts. One portion runs within the client's browser
using JavaScript and prevents ASP.Net postbacks if any of the validation logic fails. As
an attacker, remember that client-side validation is easily bypassed by using an attack
web proxy such as WebScarab. The other portion of an ASP.Net validator runs server-side
using native .Net code.
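The server-side portion only protects a page whose event handlers act on its result. The following code-behind is an added example, not code from the book: the page name Transfer, the control IDs and the DailyLimit rule are assumptions made for illustration. It relies on the fact that ASP.Net records each validator's outcome in Page.IsValid but still invokes the event handler.

```csharp
// Code-behind for a hypothetical Web Forms page, Transfer.aspx (constructed example).
// Assumed markup (the designer file declares these controls):
//   <asp:TextBox ID="AmountBox" runat="server" />
//   <asp:RequiredFieldValidator runat="server" ControlToValidate="AmountBox" ErrorMessage="Required" />
//   <asp:RangeValidator runat="server" ControlToValidate="AmountBox" Type="Integer"
//        MinimumValue="1" MaximumValue="500" ErrorMessage="1-500 only" />
//   <asp:CustomValidator runat="server" ControlToValidate="AmountBox"
//        OnServerValidate="LimitCheck_ServerValidate" ErrorMessage="Over daily limit" />
//   <asp:Button ID="SubmitButton" runat="server" Text="Send" OnClick="SubmitButton_Click" />
//   <asp:Label ID="ResultLabel" runat="server" />
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Transfer : Page
{
    // Hypothetical business rule enforced by the CustomValidator's server-side part.
    private const int DailyLimit = 300;

    // Server-side half of the CustomValidator: runs in .NET when the postback is
    // validated, regardless of what the browser-side JavaScript did or did not do.
    protected void LimitCheck_ServerValidate(object source, ServerValidateEventArgs args)
    {
        int amount;
        args.IsValid = int.TryParse(args.Value, out amount) && amount <= DailyLimit;
    }

    protected void SubmitButton_Click(object sender, EventArgs e)
    {
        // Validators only record pass/fail; this handler executes either way.
        // Refuse to act unless every validator on the page passed on the server.
        if (!Page.IsValid)
        {
            ResultLabel.Text = "Request rejected.";
            return;
        }

        // Parse defensively from the posted value instead of trusting the client.
        int amount;
        if (!int.TryParse(AmountBox.Text, out amount)) return;
        ResultLabel.Text = "Accepted amount: " + amount;
    }
}
```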
Bypassing Validation by Directly Targeting Server Event Handlers
Popularity: 4
Simplicity: 4
Impact: 6
Risk Rating: 6
124 Hacking Exposed Web 2.0
When an ASP.Net server postback occurs, ASP.Net will validate all user input by executing
each validator control on the page.