Hi, I put following value in my query string, then I got this error
fx=hssGdNlaWq6f 893_E3AcEHaT9sp LQoTEudddVM3nUd Mo6pjOvzqS6x9fR HvkZCYzg4Win6qx SVaV*iMtZgcgaSs V8EhgU3UJD6RKCg 0l6uk8ic8oNhuJK w==
I am wandering what is wrong with this value? I really cannot understand.
--
WWW: http://hardywang.1accesshost.com
ICQ: 3359839
yours Hardy 6 9536
Lookis like it would be iehter * or = that is filtered as malicious...
Try with those chars...
Patrice
--
"Hardy Wang" <ha*******@hotm ail.com> a écrit dans le message de
news:e$******** ******@TK2MSFTN GP14.phx.gbl... Hi, I put following value in my query string, then I got this error
fx=hssGdNlaWq6f 893_E3AcEHaT9sp LQoTEudddVM3nUd Mo6pjOvzqS6x9fR HvkZCYzg4Win6qx S
VaV*iMtZgcgaSsV 8EhgU3UJD6RKCg0 l6uk8ic8oNhuJKw == I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Hardy,
It's being interpreted as an attempt to pass an "onSomething=do Something();"
script injection. See the thread at http://groups-beta.google.com/group/...1d89511401e979
for more details.
HTH,
Nicole
"Hardy Wang" <ha*******@hotm ail.com> wrote in message
news:e$******** ******@TK2MSFTN GP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f 893_E3AcEHaT9sp LQoTEudddVM3nUd Mo6pjOvzqS6x9fR HvkZCYzg4Win6qx SVaV*iMtZgcgaSs V8EhgU3UJD6RKCg 0l6uk8ic8oNhuJK w==
I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Not really, if I put
fx=*47dMwS26lKi 3_38XS_xKTlHYsz eDo3fa6ffWmzkuX RkdjhiiFem9i87r RdSxQOIPr*zNNMJ ZeX3Izl7q7pRAO5 aAHCxGJwvQcygRj Q6Dp6jR73y6FP1J A==
Then everything is fine. This value also contains * and ==.
--
WWW: http://hardywang.1accesshost.com
ICQ: 3359839
yours Hardy
"Patrice" <no****@nowhere .com> wrote in message
news:uP******** ******@TK2MSFTN GP15.phx.gbl... Lookis like it would be iehter * or = that is filtered as malicious...
Try with those chars...
Patrice
--
"Hardy Wang" <ha*******@hotm ail.com> a écrit dans le message de news:e$******** ******@TK2MSFTN GP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f 893_E3AcEHaT9sp LQoTEudddVM3nUd Mo6pjOvzqS6x9fR HvkZCYzg4Win6qx S VaV*iMtZgcgaSsV 8EhgU3UJD6RKCg0 l6uk8ic8oNhuJKw == I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Thanks, based on your post in that thread, "on=" will cause problem, but in
my value I only have "oN" then followed by some other strings.
BTW, I cannot find System.Web.Cros sSiteScriptingV alidation class.
--
WWW: http://hardywang.1accesshost.com
ICQ: 3359839
yours Hardy
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. .. Hardy,
It's being interpreted as an attempt to pass an "onSomething=do Something();" script injection. See the thread at http://groups-beta.google.com/group/...1d89511401e979 for more details.
HTH, Nicole
"Hardy Wang" <ha*******@hotm ail.com> wrote in message news:e$******** ******@TK2MSFTN GP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f 893_E3AcEHaT9sp LQoTEudddVM3nUd Mo6pjOvzqS6x9fR HvkZCYzg4Win6qx SVaV*iMtZgcgaSs V8EhgU3UJD6RKCg 0l6uk8ic8oNhuJK w==
I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Hardy,
It's not just "on=" that causes the problem. Mike Kozlowski posted regular
expressions for the problem patterns in the earlier thread. If you would
prefer to examine the code yourself, System.Web.Cros sSiteScriptingV alidation
is in System.Web.dll. It's visibility is set to internal, so you might need
to adjust your Reflector settings to see it.
HTH,
NIcole
"Hardy Wang" <ha*******@hotm ail.com> wrote in message
news:Od******** ******@TK2MSFTN GP11.phx.gbl... Thanks, based on your post in that thread, "on=" will cause problem, but in my value I only have "oN" then followed by some other strings.
BTW, I cannot find System.Web.Cros sSiteScriptingV alidation class.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:%2******** ********@TK2MSF TNGP09.phx.gbl. .. Hardy,
It's being interpreted as an attempt to pass an "onSomething=do Something();" script injection. See the thread at http://groups-beta.google.com/group/...1d89511401e979 for more details.
HTH, Nicole
"Hardy Wang" <ha*******@hotm ail.com> wrote in message news:e$******** ******@TK2MSFTN GP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f 893_E3AcEHaT9sp LQoTEudddVM3nUd Mo6pjOvzqS6x9fR HvkZCYzg4Win6qx SVaV*iMtZgcgaSs V8EhgU3UJD6RKCg 0l6uk8ic8oNhuJK w==
I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
"Hardy Wang" <ha*******@hotm ail.com> wrote in message
news:e$******** ******@TK2MSFTN GP14.phx.gbl... Hi, I put following value in my query string, then I got this error
fx=hssGdNlaWq6f 893_E3AcEHaT9sp LQoTEudddVM3nUd Mo6pjOvzqS6x9fR HvkZCYzg4Win6qx S
VaV*iMtZgcgaSsV 8EhgU3UJD6RKCg0 l6uk8ic8oNhuJKw == I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
You can turn off the validation, but you need to make sure your code can
handle malicious encoding. To turn it off
put validaterequest =false in the @page directive. You may want to
research it a bit first. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Anil Kripalani |
last post by:
When a user of our ASP.NET 1.1 application submits a form with the phrase
'manuscript:' in a text field, ASP returns the error 'A potentially
dangerous Request.Form value was detected from the client
(182:BodyField="manuscript: hello").' Why is this seemingly innocent text
triggering this error?
Thanks,
Krip
|
by: Boris |
last post by:
All,
When i use .net FRamework 1.1, for my web application, i get an error
saying "A potentially dangerous querystring was detected from the
client...."
I have read the posts related to this and it seems this is due to some
SECURITY FEATURE in 1.1!!!
My code used to work in 1.0!!! now when the web server gets upgraded
to 1.1, my app. breaks.
|
by: John Morgan |
last post by:
I am attempting to use a try/catch block to trap a querystring which
is caught by ValidateRequest="true" in the @page directive
A simple example of the blockthat does not work is
Try
routeID = Request.QueryString("routeID")
Catch
response.Write("a dangerous query string has been entered")
End Try
|
by: angus |
last post by:
Dear All,
how to try-catch "A potentially dangerous Request.Form value was detected
from the client (txtUserName="<asdf")."
this exception?
i've set the debugger in the Page_InIt function, but this page is shown
before the Page_init function.
i know that i can set validateRequest="false" in my page, but how can i
|
by: STech |
last post by:
If data you post back contains the following string
on<<any sequence of characters>>=
example: on2q3asdf=
The page will throw the following exception:
A potentially dangerous Request.Form value was detected from the client
| |
by: veenakj |
last post by:
Hi
Code snippet
--------------
strErrMsg = "Could not find a part of the path
\"C:\\Temp\\data\\Test.xml\"." }
Server.Transfer("Message.aspx?errormsg=" + Server.UrlEncode(lsErrMsg));
---------------
|
by: Sergey Zuyev |
last post by:
Hello all
I have simple edit form. When user saves data that contains restricted
characters such as (< , etc.) , regular expression validator will display
a warning message. It all works fine, but if users decides to exit the form
using Cancel button then error occurs: A potentially dangerous Request.Form
value was detected from the client. The Cancel button has CausesValidation
set to false.
Is there any way to avoid this error...
|
by: arun |
last post by:
Hi
I want to store the text from a TextBox that contains <br, *, $
etc.to sql server. But it shows me an error message "A potentially
dangerous Request.Form value was detected from the client
(ctl00$ContentPlaceHolder1$Comments="...rts from: <br>14:15 Bus Stop
1..."). "
If the text does not contain these special characters it gets inserted
with out any problem.
|
by: Steve Richter |
last post by:
getting this "potentially dangerous Request.Form value was detected"
exception with a textbox which I have populated with some source
code. I think I am getting the exception when I click OK on the web
page, but that is one of my question, so I am not sure ;)
I am reading how to disable request validation,
http://www.asp.net/faq/RequestValidation.aspx#5
but I dont want to do that. I would rather catch the exception. But I
guess that...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |