A potentially dangerous Request.QueryString value was detected Not run into this before (ASP built in detection), anyone know how this works and what it's based on? http://sla.ckers.org/forum/read.php?4,23676,23676#msg-23676 Thu, 20 Jun 2013 04:51:22 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?4,23676,33240#msg-33240 Re: A potentially dangerous Request.QueryString value was detected http://sla.ckers.org/forum/read.php?4,23676,33240#msg-33240 but if the XSS is into a link or into javascript you can still exploit using quotes, onmouse events and other javascript if your in tags]]> PaPPy CSRF and Session Info Mon, 01 Feb 2010 08:19:45 -0600 http://sla.ckers.org/forum/read.php?4,23676,23698#msg-23698 Re: A potentially dangerous Request.QueryString value was detected http://sla.ckers.org/forum/read.php?4,23676,23698#msg-23698 asilvermtzion CSRF and Session Info Mon, 28 Jul 2008 09:13:45 -0500 http://sla.ckers.org/forum/read.php?4,23676,23683#msg-23683 Re: A potentially dangerous Request.QueryString value was detected http://sla.ckers.org/forum/read.php?4,23676,23683#msg-23683
btw, does this forum support [ code ] tags?]]> r0ckph1sh CSRF and Session Info Sun, 27 Jul 2008 20:26:09 -0500 http://sla.ckers.org/forum/read.php?4,23676,23682#msg-23682 Re: A potentially dangerous Request.QueryString value was detected http://sla.ckers.org/forum/read.php?4,23676,23682#msg-23682
The relevant code is :

internal static bool IsDangerousString(string s, out int matchIndex)
{
matchIndex = 0;
int startIndex = 0;
while (true)
{
int num2 = s.IndexOfAny(startingChars, startIndex);
if (num2 < 0)
{
return false;
}
if (num2 == (s.Length - 1))
{
return false;
}
matchIndex = num2;
char ch = s[num2];
if (ch != '&')
{
if ((ch == '<') && ((IsAtoZ(s[num2 + 1]) || (s[num2 + 1] == '!')) || (s[num2 + 1] == '/')))
{
return true;
}
}
else if (s[num2 + 1] == '#')
{
return true;
}
startIndex = num2 + 1;
}
}




internal static bool IsDangerousUrl(string s)
{
if (string.IsNullOrEmpty(s))
{
return false;
}
s = s.Trim();
int length = s.Length;
if (((((length > 4) && ((s[0] == 'h') || (s[0] == 'H'))) && ((s[1] == 't') || (s[1] == 'T'))) && (((s[2] == 't') || (s[2] == 'T')) && ((s[3] == 'p') || (s[3] == 'P')))) && ((s[4] == ':') || (((length > 5) && ((s[4] == 's') || (s[4] == 'S'))) && (s[5] == ':'))))
{
return false;
}
if (s.IndexOf(':') == -1)
{
return false;
}
return true;
}]]> r0ckph1sh CSRF and Session Info Sun, 27 Jul 2008 20:24:29 -0500 http://sla.ckers.org/forum/read.php?4,23676,23676#msg-23676 A potentially dangerous Request.QueryString value was detected http://sla.ckers.org/forum/read.php?4,23676,23676#msg-23676 asilvermtzion CSRF and Session Info Sun, 27 Jul 2008 11:21:31 -0500