I'm intermittently seeing this exception being thrown:
A potentially dangerous Request.QueryString value detected
However when I look in the IIS logs I can see that the request that failed has no querystring logged against it.
How could this be? Are "dangerous" query strings being stripped from the log or something?
I'm not sure that IIS would store a potentially dangerous querystring parameter - unless it didn't recognise it as such.
If you download and run NetSparker (free Community edition) you can find which URLs on your site are vulnerable and examples of querystrings that will cause IIS to record the error.
An example of a 'dangerous' querystring is if a url like the following causes an Internal Error Message; you can cause the error to appear in IIS like this if youe want:
http://your-site.com/your-url?nsextt='"--><script>netsparker(0x00000F)</script>
Netsparker* considers this a low severity issue, with the following impact:
The impact may vary depending on the condition. This might be an indication of a bigger issue such as SQL Injection or could be the result or poor coding practices.
*I use NetSparker - no other connection.
You want to look a level higher in the logging, check the %WINDIR%\System32\LogFiles\HTTPERR folder.
