A potentially dangerous Request.QueryString value was detected from the client

c# asp.net .net query-string custom-error-handling
17,945

Your error is due to violation of built in security rules in the ASP platform. These rules prevent injection and cross-site scripting attacks. If you are using MVC there is a handy AntiForgeryToken that can take care of this for you.

Please look into the post from Scot Hanselman

http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx

Share:
17,945

Related videos on Youtube

gvd
Author by

gvd

Updated on June 04, 2022

Comments

  • gvd
    gvd almost 2 years

    I'm using WebForm

    I'm doing a Security Testing to my site but when I try to pass through url a QueryString like:

    '"-->netsparker(0x00286A) mysite/Error/PageNotFound.aspx?aspxerrorpath=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0030C5)%3C/script%3E

    I got Server Error in '/' Application.

    A potentially dangerous Request.QueryString value was detected from the client A potentially dangerous Request.Path value was detected from the client (>).

    I have in the web.config

    <httpRuntime  enableVersionHeader="false"/>
<customErrors mode="On"  defaultRedirect="~/Error/GeneralError.aspx">
  <error statusCode="404" redirect="~/Error/PageNotFound.aspx" />
  <error statusCode="403" redirect="~/Error/GeneralError.aspx" />    
  <error statusCode="500" redirect="~/Error/GeneralError.aspx" />      
</customErrors>

    ..................

<pages controlRenderingCompatibilityVersion="4.0" viewStateEncryptionMode="Always">

    Any idea how can I correct that?

  • Malcolm Salvador
    Malcolm Salvador over 10 years
    The link does not go anywhere, friend. "Error 404 page not found".
  • codingpirate
    codingpirate over 10 years
    @Malky Corrected the link..
  • gvd
    gvd over 10 years
    Thats not work for ASP.NET WebForm....

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I remove item from querystring in asp.net using c#?
Visual Studio Project Backup
Cannot convert from 'string' to 'System.Net.Http.HttpRequestMessage'
What is the return type for an Event in .NET?
When is destructor called for C# classes in ASP.NET?
Default selection in RadioButtonFor
ASP .NET C# get all text from a file in the web path
xUnit - Display test names for theory memberdata (TestCase)
The name does not exist in the current context
Could not load file or assembly 'Microsoft.SqlServer.Types, Version=12.0.0.0, Culture=neutral, PublicKeyToken=myKey' or one of its dependencies.