Dangerous querystring

Guest · Oct 21, 2005

I create an encrypted string and when this string is pass into a querystring
to an ASP.Net page I have an error message that said that this querystring is
potentialy dangerous.

Here is an example of a querystring to reproduce the problem :

?var=ONmYtVKAnXuZg%3d

Do you have any idea why this string is dangerous ?

JIMCO Software · Oct 22, 2005

sylvain said:
I create an encrypted string and when this string is pass into a
querystring to an ASP.Net page I have an error message that said that
this querystring is potentialy dangerous.

Here is an example of a querystring to reproduce the problem :

?var=ONmYtVKAnXuZg%3d

Do you have any idea why this string is dangerous ?

It's probably the "=on" part of it. The regular expression that is used in
ASP.NET's source will fail on that.

Bruce Barker · Oct 22, 2005

asp.net looks for injection statements for people that don't code well. you
can turn this off in you web config (validateRequest=false).

-- bruce (sqlwork.com)

shiv_koirala · Oct 22, 2005

Probably warning of SQL injection....
-------
Regards ,
C#, VB.NET , SQL SERVER , UML , DESIGN Patterns Interview question book
http://www.geocities.com/dotnetinterviews/
My Interview Blog
http://spaces.msn.com/members/dotnetinterviews/

Lau Lei Cheong · Oct 22, 2005

or you can encode the string before passing. (We Chinese developer nearly
always face the problem here, some Chinese character have the 2nd byte
contains character that'll make the ASP.NET handler panics - i.e.: raise the
above exception

)

Dangerous querystring

Guest

JIMCO Software

Bruce Barker

shiv_koirala

Lau Lei Cheong