潜在危险的 Request.Form 值 - 异常

发布于 2024-08-11 06:46:45 字数 503 浏览 3 评论 0原文

收到了多封(50->*)电子邮件,内容涉及:

A potentially dangerous Request.Form value was detected from the client (ctl00$Content$InputStreet="OzgYPY  <a href="http://effe...").

A potentially dangerous Request.Form value was detected from the client (ctl00$Content$InputStreet="GVdtWm  <a href="http://mxif...").

……

今天,我在我的一个网站上 在 Global 中,我有一些代码可以在发生异常时发送电子邮件。

请求来自的IP地址不相同。我的网站是否受到某种攻击?

此致, 莱塞·埃斯佩霍尔特

today I receive multiple (50->*) e-mails regarding:

A potentially dangerous Request.Form value was detected from the client (ctl00$Content$InputStreet="OzgYPY  <a href="http://effe...").

and

A potentially dangerous Request.Form value was detected from the client (ctl00$Content$InputStreet="GVdtWm  <a href="http://mxif...").

and

...

on one of my websites. In Global I have some code which sends e-mail when exceptions occur.

The IP address the requests come from is not the same. Is my site under some kind of attack?

Best regards,
Lasse Espeholt

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

烟火散人牵绊 2024-08-18 06:46:45

此类攻击很常见,我们正在为客户监控数百个站点,并且目前正在构建这些攻击的数据库。

ASP.NET 可以防范这些问题,这一点很好。你“默认是安全的”。

干杯,

菲尔。

These kind of attacks are common, we're monitoring several hundred sites for clients and are building a database of these attacks currently.

The fact that ASP.NET protects against these is good. you're 'secure by default'.

Cheers,

Phil.

仅此而已 2024-08-18 06:46:45

我认为我们需要更多详细信息才能确定,但​​从电子邮件中的消息来看,似乎有人在您的 Street 字段中输入了 .NET 认为危险的值。这可能有很多因素,我从你的个人资料中看到你来自丹麦,那里的街道名称可能包含任何危险的东西吗?

例子是<和>。

可能只是一个非常渴望注册的用户?还是来自同一地区的一群人?

该网站的背景是什么?

I think we'd need more detail to be sure but from the message in the email it looks as if someone is entering a value in your Street field that .NET is regarding as dangerous. This could be a number of things, I see from your profile you are form Denmark, are the Street names there likely to contain anything dangerous?

Examples are < and >.

It could just be a really eager user who wants to sign-up? Or a bunch of people from the same area?

What's the context of the site?

白首有我共你 2024-08-18 06:46:45

这可能是一种脚本注入攻击,某物/某人正在尝试使用脚本更新您的表单 InputStreet 输入字段。
有关脚本注入攻击的更多信息

更多信息:脚本注入攻击和 ASP.NET

It might be a script injection attack, something/some one is trying to update your form InputStreet input field with script.
More info about script injection attacks

Further info: Script injection attacks and ASP.NET

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文