A potentially dangerous Request.QueryString value was detected from the client
Your error is due to violation of built in security rules in the ASP platform. These rules prevent injection and cross-site scripting attacks. If you are using MVC there is a handy AntiForgeryToken that can take care of this for you.
Please look into the post from Scot Hanselman
Related videos on Youtube
gvd
Updated on June 04, 2022Comments
-
gvd almost 2 years
I'm using WebForm
I'm doing a Security Testing to my site but when I try to pass through url a QueryString like:
'"-->netsparker(0x00286A) mysite/Error/PageNotFound.aspx?aspxerrorpath=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0030C5)%3C/script%3E
I got Server Error in '/' Application.
A potentially dangerous Request.QueryString value was detected from the client A potentially dangerous Request.Path value was detected from the client (>).
I have in the web.config
<httpRuntime enableVersionHeader="false"/> <customErrors mode="On" defaultRedirect="~/Error/GeneralError.aspx"> <error statusCode="404" redirect="~/Error/PageNotFound.aspx" /> <error statusCode="403" redirect="~/Error/GeneralError.aspx" /> <error statusCode="500" redirect="~/Error/GeneralError.aspx" /> </customErrors> .................. <pages controlRenderingCompatibilityVersion="4.0" viewStateEncryptionMode="Always">
Any idea how can I correct that?
-
Sten Petrov about 9 years
-
-
Malcolm Salvador over 10 yearsThe link does not go anywhere, friend. "Error 404 page not found".
-
codingpirate over 10 years@Malky Corrected the link..
-
gvd over 10 yearsThats not work for ASP.NET WebForm....