From the course: ASP.NET MVC 5 Identity: Authentication and Authorization


Vulnerability: Object binding vulnerability


- [Instructor] Binding is an important mechanism in ASP.NET MVC applications. We use binding when we want to show some data to the view or when we want to get some data from the view. The default behavior of object binding in ASP.NET MVC 5 is to map all the incoming parameters to an object, including any associated objects, which can easily expose us to attacks. Let us say that the application for a university allows us to create new departments, but there is no limitation on attaching additional associated objects to the department object, like, for example, professors. By nesting an additional professor object in the department create request to the server, a new professor object completely under the hacker's control is saved to the database. The adjacent object request would look something like this. So here we have the properties for the department and the professor attached to it. So before we send the request to our controller, let us go to the action and put a breakpoint…
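The binding behavior described in the transcript, shown beside a hardened action, as an added example that is not taken from the course. The entity classes, `UniversityContext`, the action names, and the form field values in the comments are assumptions constructed for illustration, and the code assumes Entity Framework 6 is referenced.

```csharp
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Data.Entity;
using System.Web.Mvc;

// Hypothetical entities for the university scenario (not the course's code).
public class Professor { public int Id { get; set; } public string Name { get; set; } }
public class Department
{
    public int Id { get; set; }
    public string Name { get; set; }
    public virtual ICollection<Professor> Professors { get; set; }
}
public class UniversityContext : DbContext
{
    public DbSet<Department> Departments { get; set; }
}
// Input model exposing only what the create form may set.
public class DepartmentCreateModel
{
    [Required, StringLength(100)]
    public string Name { get; set; }
}

public class DepartmentsController : Controller
{
    private readonly UniversityContext db = new UniversityContext();

    // Before: the default binder maps every posted field onto the entity graph.
    // A constructed body such as  Name=Physics&Professors[0].Name=Unvetted
    // yields a Department with one Professor, and Add() inserts both rows.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult CreateUnsafe(Department department)
    {
        db.Departments.Add(department);
        db.SaveChanges();
        return RedirectToAction("Index");
    }

    // After: bind to the input model and copy allowed fields explicitly.
    // Professors[...] keys in the request have no property to bind to.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Create(DepartmentCreateModel input)
    {
        if (!ModelState.IsValid) return View(input);
        db.Departments.Add(new Department { Name = input.Name });
        db.SaveChanges();
        return RedirectToAction("Index");
    }
}
```

An attribute-based alternative is `[Bind(Include = "Name")]` on the entity parameter, which keeps the entity as the binding target and restricts it to the listed properties for that action.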
