Dangerous querystring

[Guest]

I create an encrypted string and when this string is pass into a querystring
to an ASP.Net page I have an error message that said that this querystring is
potentialy dangerous.

Here is an example of a querystring to reproduce the problem :

?var=ONmYtVKAnXuZg%3d

Do you have any idea why this string is dangerous ?

 

[JIMCO Software]

I create an encrypted string and when this string is pass into a
querystring to an ASP.Net page I have an error message that said that
this querystring is potentialy dangerous.

Here is an example of a querystring to reproduce the problem :

?var=ONmYtVKAnXuZg%3d

Do you have any idea why this string is dangerous ?

It's probably the "=on" part of it. The regular expression that is used in
ASP.NET's source will fail on that.

 

[Bruce Barker]

asp.net looks for injection statements for people that don't code well. you
can turn this off in you web config (validateRequest=false).

-- bruce (sqlwork.com)

 

[shiv_koirala]

Probably warning of SQL injection....
-------
Regards ,
C#, VB.NET , SQL SERVER , UML , DESIGN Patterns Interview question book
http://www.geocities.com/dotnetinterviews/
My Interview Blog
http://spaces.msn.com/members/dotnetinterviews/

 

[Lau Lei Cheong]

or you can encode the string before passing. (We Chinese developer nearly
always face the problem here, some Chinese character have the 2nd byte
contains character that'll make the ASP.NET handler panics - i.e.: raise the
above exception )