f

carlospolop · carlospolop · commit e8f19acfe927 · 2025-08-20T10:56:12.000+02:00
diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
@@ -249,9 +249,7 @@ ysoserial.exe -p ViewState -g TypeConfuseDelegate -c "whoami" \
   --generator=<VIEWSTATEGEN> --minify
 ```
 
-Rotating static keys or switching to *AutoGenerate* keys in Web .config (`<machineKey ... validationKey="AutoGenerate" decryptionKey="AutoGenerate" />`) mitigates this class of attacks. {{#ref}}
-
-{{#endref}}
+Rotating static keys or switching to *AutoGenerate* keys in Web .config (`<machineKey ... validationKey="AutoGenerate" decryptionKey="AutoGenerate" />`) mitigates this class of attacks.
 
 ### CVE-2025-30406 – Gladinet CentreStack / Triofox hard-coded keys
 Kudelski Security uncovered that multiple CentreStack / Triofox releases shipped with identical `machineKey` values, enabling unauthenticated remote code execution through ViewState forgery (CVE-2025-30406).
