DerScanner
Home / Vulnerability Database / C-sharp : Value shadowing
C#

C-sharp : Value shadowing

Overview

The application calls a variable ambiguously, which can give an attacker access to private data.

A developer can access variables from the QueryString, Form, Cookies or ServerVariables collections via the HttpRequest class like arrays (e.g. Request[“myValue”]). When there is more than one variable with the same name, there is returned the value of the variable that appears first when the collections are searched in the following order: QueryString, Form, Cookies then ServerVariables. QueryString comes first in the search order, thus, its parameters can supersede values from Form, Cookies then ServerVariables. The same situation is for Forms and so on.

References

  1. ASP.Net Value Shadowing
CRITICAL

DerScanner Severity Score

Do you want to fix C-sharp : Value shadowing in your application?

See also

C#

C-sharp : JWT: None Algorithm

C#

C-sharp : Insecure data transmission: Database

C#

C-sharp : Only one of method Equals() and GetHashCode() defined