Potentially dangerous request is loading the page

Asked Apr 10 '18 at 14:20

Active Apr 11 '18 at 04:15

Viewed 77 times

I hosted an application in ASP.NET 4.0 webforms.

When I am browsing hostname/DressDetail.aspx?<script>alert(313)</script>&category=1&code=76 It is showing an error message like: A potentially dangerous Request.QueryString value was detected from the client (="alert(313)

But I am expecting same error message as above when I am browsing hostname/DressDetail.aspx?<script>alert(313)</script>=1&category=1&code=76

But it loads the page. But it should not be. The only difference is an extra =1 in the latter url.

edited Apr 11 '18 at 04:15

wazz

4,953
5
20
34

asked Apr 10 '18 at 14:20

Hrishikesh T T

1

Which framework is this, Web Forms? MVC? Core? – Greg Apr 10 '18 at 14:23
It is in webforms – Hrishikesh T T Apr 10 '18 at 14:30
We need to see your web.config – Greg Apr 10 '18 at 17:51
That's pretty interesting. I just tried it and the page loads, but the alert doesn't fire. There's also nothing in Event Logs (Windows Logs), but there is a warning-log without the -1. – wazz Apr 11 '18 at 00:40
Should probably ask on https://security.stackexchange.com/. – wazz Apr 11 '18 at 00:47
@Greg – Hrishikesh T T Apr 11 '18 at 05:45
@wazz Thanks and I have posted the same in security.stackexchange.com – Hrishikesh T T Apr 11 '18 at 05:53

Potentially dangerous request is loading the page

0 Answers0