An mvc website can have seriously compromised security if it is not carefully defended against overposting attacks. Attackers can over post request data if controller actions use some sort model binding.
More information about these attacks and how to defend against them can be found at
https://andrewlock.net/preventing-mass-assignment-or-over-posting-in-asp-net-core/
No comments:
Post a Comment