
I am getting an exception from my ASP.NET web application that is on our DMZ server. Not really sure what is causing it and how to handle the error. This is the exception I am logging:

```
Exception occured in: System.Web.HttpRequest.ValidateString
Message: A potentially dangerous Request.Form value was detected from the client (="<?php system("wget 2...").
Source: System.Web
Stack Trace: at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.UI.PageRequestManager.IsAsyncPostBackRequest(HttpRequestBase request)
   at System.Web.Handlers.ScriptModule.HttpResponse_Redirecting(Object sender, EventArgs e)
   at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent)
   at System.Web.Security.FormsAuthenticationModule.OnLeave(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
```

I tried copying and pasting into the textbox to see if maybe that is how to replicate the error. Any help would be greatly appreciated.

hutchonoid
Spafa9
  • possible duplicate of [A potentially dangerous Request.Form value was detected from the client](http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client) – David Sep 16 '14 at 12:34
  • That usually happens when user input looks like HTML or JavaScript -- ASP.NET recognizes this and lets you know. It's there to prevent XSS attacks and the like. There are ways to turn the validation off, but I'm not sure you'd want to do that. – Cᴏʀʏ Sep 16 '14 at 12:35
  • Ya, I definitely don't want to turn it off, but I am thinking I might filter out the textboxes and not allow certain characters. – Spafa9 Sep 16 '14 at 12:40
  • It looks like somebody was trying to be clever and get your server to execute some PHP code. With the `wget` they could be trying to download malware to your server and attempt to execute it. ASP.NET did good, it did. – Cᴏʀʏ Sep 16 '14 at 12:41
  • Yes it did, I am happy it picked it up. Just want to try and button it up a little more so they can't even try and put in the script. I am thinking they did it on the login page. Thanks for your help! – Spafa9 Sep 16 '14 at 12:46
  • The thing is, even if you block it (via client-side script) on your forms, there's nothing to stop someone attempting to send that sort of request to your server anyway. ASP.NET won't let you catch it server-side as this error will still get thrown before you get a chance to look at it. – Zhaph - Ben Duguid Sep 16 '14 at 13:53

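One way to handle the exception from the question once request validation has thrown it, leaving validation switched on: an application-level error handler that records who sent the rejected request and answers with a plain 400. This is an added example, not code from the thread; the `Global` class name, the `Trace` log sink, the `Clean` helper and the response text are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Code-behind for Global.asax (class name is an assumption).
public class Global : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // Page-level failures can arrive wrapped in HttpUnhandledException,
        // so check the innermost exception as well as the outer one.
        var rejected = ex as HttpRequestValidationException
                       ?? ex.GetBaseException() as HttpRequestValidationException;
        if (rejected == null) return; // other errors keep their existing handling

        // Log request metadata only. The rejected value is already quoted
        // (truncated) in the exception message, as in the log above.
        HttpRequest req = Request;
        Trace.TraceWarning(
            "Request validation rejected input: ip={0} method={1} url={2} ua={3} msg={4}",
            Clean(req.UserHostAddress), Clean(req.HttpMethod), Clean(req.RawUrl),
            Clean(req.UserAgent), Clean(rejected.Message));

        // Replace the default error page with a minimal 400 response.
        Server.ClearError();
        Response.Clear();
        Response.StatusCode = 400;
        Response.TrySkipIisCustomErrors = true;
        Response.ContentType = "text/plain";
        Response.Write("Bad request.");
    }

    // Every logged field is attacker-controlled: strip line breaks so one
    // request cannot forge extra log entries, and cap the length.
    private static string Clean(string s)
    {
        if (string.IsNullOrEmpty(s)) return "-";
        s = s.Replace('\r', ' ').Replace('\n', ' ');
        return s.Length > 200 ? s.Substring(0, 200) : s;
    }
}
```

Repeated entries from one address are a signal to act on at the firewall or WAF in front of the DMZ host rather than in the page's form fields.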