ASP.NET implements a method to verify that every postback comes from the corresponding control, which is called EventValidation. In some cases the developers disable this kind of verifications by adding EnableEventValidation=”false” to the .aspx file header, or in the web.config or system.config files. This plugin finds pages that have event validation disabled. In some cases, if you analyze the logic of the program and event validation is disabled, you’ll be able to bypass authorizations or some other controls.
This plugin doesn’t have any user configured options.
This plugin has no dependencies.