POST /default.aspx HTTP/1.1 X-AspNet-Version: 4.0.30319 Content-Type: application/x-www-form-urlencoded __VIEWSTATE=/wEPDwUKLT... (malicious Base64 blob)
<system.web> <httpRuntime enableVersionHeader="false" /> </system.web> : x-aspnet-version 4.0.3 vulnerabilities
protected void Application_PreSendRequestHeaders(object sender, EventArgs e) POST /default
Response.Headers.Remove("X-AspNet-Version"); httpRuntime enableVersionHeader="false" />