A potentially dangerous Request.Path

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

A potentially dangerous Request.Path

Message

01/09/2011 15:15:23

Michel Fournier
Level Extreme Inc.
Petit-Rocher, Nouveau-Brunswick, Canada

01/09/2011 14:15:08

Viv Phillips
Hay-On-Wye, Royaume Uni

Information générale

Forum:

ASP.NET

Catégorie:

Autre

Titre:

Re: A potentially dangerous Request.Path

Versions des environnements

Environment:

VB 9.0

OS:

Windows 7

Network:

Windows 2003 Server

Database:

MS SQL Server

Application:

Web

Divers

Thread ID:

01522446

Message ID:

01522527

Vues:

Ok, here is the result.

It does go in the custom request validator. If I do a normal hit, one without the & character in the path, I can see it executes my code in there. The code is an Event Viewer logging. It does log 18 times the same entry however for one click. This is something I don't understand.

However, if I add the & at the end of the path, it does not execute my custom request validator. It seems IIS takes over the priority in such case and we have no way of intercepting that.

In your test, were you able to test:

http://localhost/MyDirectory
http://localhost/MyDirectory/&

Are those situations both going into your custom request validator? For me, only the first one goes.

Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52

Répondre

Fil

Voir

Click here to load this message in the networking platform