United Airlines Bug Bounty Program

After soooome time for the triaging and patching the reported bug. I was awarded with 50,000 miles for reporting a bug to United Airlines, inside their Bugbounty program.

Decided to donate them to Rotary International charity and use them for the great causes.

Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests

I just wrote a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module into the system with administrative privileges and be able to decode the variables with a small script using a terminal, without writting python code.

Sometimes when doing webpentesting against a ASP web application is useful a tool like this.

$ ./decoder.py "/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0="
** ASP.NET __VIEWSTATE decoder **

[*] Decoding __VIEWSTATE:
/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0=
(('1591068609', None), None)

https://github.com/spinfoo/viewstate-decoder