A potentially dangerous Request.Path value was detected from the client (&)

2 posts, 0 answers
  1. Dogu Tumerdem
    Dogu Tumerdem avatar
    39 posts
    Member since:
    Sep 2006

    Posted 07 May 2014 Link to this post

    Hi,

    We have a problem and strongly suspicious about telerik components about this request.

    Our firewall and .net seem the below url as dangerous because of first & sign. We checked our scripts and codes which has a potential to generate such a url, but we couldn't find.

    http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7

    Can you please check that your components may generate such a request url ?

    We are getting first exception and then the second one, even we cannot find any strong relationship between them, they seems sequentially...

    Telerik.Web.UI version : 2012.1.411.40
    Telerik.Web.UI.Skins version : 2012.1.411.40
    Telerik.Web.Design version : 2012.1.411.40

    Thank you,
    dogu

    First exception:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 06.05.2014 08:48:24
    Event time (UTC): 06.05.2014 05:48:24
    Event ID: e2f92e7b72fb4fedbeacc2af4c66ffc3
    Event sequence: 5897
    Event occurrence: 4
    Event detail code: 0
     
    Application information:
        Application domain: /LM/W3SVC/1/ROOT-1-130438116095242020
        Trust level: Full
        Application Virtual Path: /
        Application Path: C:\inetpub\wwwroot\
        Machine name: xxx
     
    Process information:
        Process ID: 9652
        Process name: w3wp.exe
        Account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
     
    Exception information:
        Exception type: HttpException
        Exception message: A potentially dangerous Request.Path value was detected from the client (&).
       at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
       at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
     
    Request information:
        Request URL: http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7
        Request path: /$$$&?&?$$$
        User host address: 1.2.3.4
        User: 
        Is authenticated: False
        Authentication Type: 
        Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
     
    Thread information:
        Thread ID: 148
        Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
        Is impersonating: False
        Stack trace:    at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
       at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

    Second Exception:
    System.NullReferenceException: Object reference not set to an instance of an object.
       at Telerik.Web.UI.RadCompression.GetCompressionSettingAttribute()
       at Telerik.Web.UI.RadCompression.ShouldApplyOnPostback()
       at Telerik.Web.UI.RadCompression.ShouldExplicitlyAddContentEncoding()
       at Telerik.Web.UI.RadCompression.application_EndRequest(Object sender, EventArgs e)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

  2. Marin Bratanov
    Admin
    Marin Bratanov avatar
    3602 posts

    Posted 08 May 2014 Link to this post

    Hi Dogu,

    I have already answered your other thread with the same question: http://www.telerik.com/forums/a-potentially-dangerous-request-path-value-was-detected-from-the-client-(-)-8d3ade9d0c6e and I suggest we keep any further communication there.


    Regards,

    Marin Bratanov
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  3. UI for ASP.NET Ajax is Ready for VS 2017
Back to Top