Question
Tuesday, June 7, 2011 2:08 PM
I have a page where a user can enter a "comment" which is then saved in a database. If an error occurs on any of my pages, I receive an email letting me know about the error. We have hundreds of users that use this particular page, but one user is frequently (according to my emails) getting the following error:
Error Type: System.Web.HttpRequestValidationException
Browser Message: A potentially dangerous Request.RawUrl value was detected from the client (="...0%20%20%20<option%20v...").
When the page loads, I am passing some information from a previous page using QueryString. Typically the query string would contain a GUID & a string telling me what type of comment they are adding.
Typically the URL would look something like this (removed the domain):
addcomment.aspx?ID=8245F8B7-8399-40EA-9800-82EF5257A2FE&CommentType=Attempt
For this user, (according to the email I receive) the URL looks like this:
addcomment.aspx?_TSM_HiddenField_=ToolkitScriptManager1_HiddenField&_TSM_Combinox
I use the AJAX Control Toolkit on the page for the Calendar extender.
I am not able to reproduce the error & the user claims they are not getting any errors. The "..potentially dangerous.." part of the error scares me & makes me wonder if this is a hack attempt. Not sure what information I'll need to provide in this forum for help w/ figuring out what might be causing the error (so I can handle the error).
Any help is appreciated! Thank you!
All replies (4)
Wednesday, June 8, 2011 11:04 PM ✅ Answered
Hello
You may try referring to this article to see if it is helpful for you to identify a possible attack: http://software.intel.com/en-us/blogs/2007/09/20/hacking-intel-xss-security-exploit-with-aspnet-using-rewritepath-and-requestrawurl-bypassing-aspnet-native-script-protection//
Tuesday, June 7, 2011 11:10 PM
Hi, please refer to this:
http://www.aspcode.net/A-potentially-dangerous-RequestForm-value-was-detected-from-the-client.aspx
Wednesday, June 8, 2011 10:24 AM
Thank you, I actually saw those same two pages (and several others) while searching Google prior to posting in this forum. How would I catch this if it is only happening for one person? The script block for me & all other users (and this same user when we are on the phone) looks like this:
<script src="addcomment.aspx?_TSM_HiddenField_=ToolkitScriptManager1_HiddenField&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d3.5.40412.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3aen-US%3a1547e793-5b7e-48fe-8490-03a375b13a33%3a475a4ef5%3aaddc6819%3a5546a2b%3ad2e10b12%3aeffe2a26%3a37e2e5c9%3a5a682656%3ac7029a2%3ae9e598a9" type="text/javascript"></script>
Is it possible for the user to somehow change what is in this script block?
I also did some testing by putting HTML in some of my form fields. Each time that causes a "Request.Form" error, not "Request.RawURL" (which is what this one user is seeing).
Thursday, July 28, 2011 5:09 AM
Hi Chris,
I also receive the same type of error. This error comes when we enter an HTML tag or characters such as "< >"; we get the potentially dangerous request error. If we disable this by using requestvalidation=false in the page directive, then we need to handle this ourselves: the error is removed, but some harmful information may be added to the database where you save the comment.
Best regards
yasir butt
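
One way to triage the RawUrl values from the error emails discussed in this thread, as an added example that is not part of any post above: it separates the page's own requests from the toolkit's combined-script requests and reports which query parameter carries the flagged markup. The regex is an approximation of what ASP.NET request validation rejects, the function name `triage` is hypothetical, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Approximation (assumption) of what ASP.NET request validation rejects:
# "<" followed by a letter, "!", "/" or "?", or the sequence "&#".
DANGEROUS = re.compile(r"<[A-Za-z!/?]|&#")
GUID = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
# Query keys of the toolkit's combined-script request, as shown in the thread.
TSM_KEYS = {"_TSM_HiddenField_", "_TSM_CombinedScripts_"}
# Query keys the page itself expects, per the question.
PAGE_KEYS = {"ID", "CommentType"}


def triage(raw_url):
    """Classify one logged Request.RawUrl and locate any flagged markup."""
    query = urlsplit(raw_url).query
    params = parse_qsl(query, keep_blank_values=True)  # percent-decoded pairs
    keys = {k for k, _ in params}
    if keys & TSM_KEYS:
        kind = "toolkit-script"   # script include generated by the toolkit
    elif keys <= PAGE_KEYS and GUID.match(dict(params).get("ID", "")):
        kind = "page"             # normal navigation with a well-formed GUID
    else:
        kind = "unknown"          # neither shape: worth a manual look
    flagged = []
    for key, value in params:
        m = DANGEROUS.search(value)
        if m:
            # Keep a short excerpt so the report shows what was appended.
            flagged.append((key, value[m.start():m.start() + 20]))
    return {"kind": kind, "flagged": flagged,
            "unexpected_keys": sorted(keys - TSM_KEYS - PAGE_KEYS)}


# Constructed samples, shaped like the URLs quoted in the thread.
SAMPLES = [
    "addcomment.aspx?ID=8245F8B7-8399-40EA-9800-82EF5257A2FE&CommentType=Attempt",
    "addcomment.aspx?_TSM_HiddenField_=ToolkitScriptManager1_HiddenField"
    "&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d3.5.40412.0",
    "addcomment.aspx?_TSM_HiddenField_=ToolkitScriptManager1_HiddenField"
    "&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%20%20%20<option%20value=1>",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(triage(url))
```

A "toolkit-script" result with markup in `_TSM_CombinedScripts_` means the flagged request was the script include rather than the comment form, so the User-Agent and referrer of that request are the next things to capture.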