I am using the RadNumericTextBox (RNTB) for integer quantity input in an "add to basket" function several places on my website.
Lately however, I am being targeted by malicious post/injection attacks targeting the RNTB control, causing it to throw the following exception: "Text property cannot be set. Input string was not in a correct format."
The only data retrieval I am doing from RNTB is using the DbValue property, as follows:
short qty;
// DbValue is null when the textbox holds no valid number; otherwise parse it as an Int16 quantity
if (numQuantity.DbValue != null && Int16.TryParse(numQuantity.DbValue.ToString(), out qty))
{
    EET.Web.UserContext.Basket.Add(ItemId, qty);
}
At no point am I assigning values to the RNTB fields from dynamic code. Only an initial value of 1 is set programmatically on the control: Value="1" MinValue="1" MaxValue="65535"
Attached (at end of post, since .txt attachments are not allowed) is a dump from my exception handler, detailing the malicious form data which is sent to my pages.
I am very interested in handling this exception and ignoring it, as I suspect the current exception my pages are throwing is only encouraging the perpetrators to continue trying.
Server IP: 10.10.20.112
Client IP: 200.96.49.4
Client UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Customer: : INTERNET
User Id: :
Database: : WebshopFR
Page: /product.aspx?id=MBLY%2f2GB&path=Kingston-2GB-Mobility-Multi-Kit
1: Message: Text property cannot be set. Input string was not in a correct format.
1: Source: Telerik.Web.UI
1: Stack Trace:
1: at Telerik.Web.UI.RadNumericTextBox.RangeTextProperty(String value)
1: at Telerik.Web.UI.RadNumericTextBox.set_Text(String value)
1: at Telerik.Web.UI.RadInputControl.LoadPostData(String postDataKey, NameValueCollection postCollection)
1: at Telerik.Web.UI.RadWebControl.System.Web.UI.IPostBackDataHandler.LoadPostData(String postDataKey, NameValueCollection postCollection)
1: at System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad)
1: at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
1: Target Site: System.String RangeTextProperty(System.String)
Form Data:
ctl00_ctl00_ScriptManager_HiddenField:
__EVENTTARGET:
__EVENTARGUMENT:
__LASTFOCUS:
__SCROLLPOSITIONX: 0
__SCROLLPOSITIONY: 0
ctl00$ctl00$loginBox$txtUsername: rglzfkej
ctl00$ctl00$loginBox$txtPassword: hivxcw
ctl00$ctl00$loginBox$chkRemember: on
ctl00$ctl00$txtSearch: ref/PN ou mots clés ici
ctl00$ctl00$listLanguages: fr-fr
ctl00_ctl00_PageContents_PageContents_itemDetails_repItem_ctl00_atb_numQuantity_text: 2rand[0,1,1]
ctl00$ctl00$PageContents$PageContents$itemDetails$repItem$ctl00$atb$numQuantity: 2rand[0,1,1]
ctl00_ctl00_PageContents_PageContents_itemDetails_repItem_ctl00_atb_numQuantity_ClientState:
ctl00_ctl00_PageContents_PageContents_tabsDetails_ClientState:
ctl00_ctl00_PageContents_PageContents_itemList_tblProducts_ClientState:
ctl00_ctl00_PageContents_PageContents_mpDetails_ClientState:
ctl00_ctl00_Menus_tree_ClientState:
ctl00_ctl00_Menus_Right_repMostSold_ctl01_atb_numQuantity_text: 61
ctl00$ctl00$Menus$Right$repMostSold$ctl01$atb$numQuantity: 1
ctl00_ctl00_Menus_Right_repMostSold_ctl01_atb_numQuantity_ClientState:
ctl00$ctl00$Menus$Right$repMostSold$ctl01$atb$btnAddToBasket:
ctl00_ctl00_Menus_Right_repMostSold_ctl02_atb_numQuantity_text: 4
ctl00$ctl00$Menus$Right$repMostSold$ctl02$atb$numQuantity: 6
ctl00_ctl00_Menus_Right_repMostSold_ctl02_atb_numQuantity_ClientState:
ctl00_ctl00_Menus_Right_repMostSold_ctl03_atb_numQuantity_text: 1
ctl00$ctl00$Menus$Right$repMostSold$ctl03$atb$numQuantity: 8
ctl00_ctl00_Menus_Right_repMostSold_ctl03_atb_numQuantity_ClientState:
ctl00_ctl00_Menus_Right_repMostSold_ctl04_atb_numQuantity_text: 13
ctl00$ctl00$Menus$Right$repMostSold$ctl04$atb$numQuantity: 85
ctl00_ctl00_Menus_Right_repMostSold_ctl04_atb_numQuantity_ClientState:
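The stack trace shows the failure happens inside RadInputControl.LoadPostData, i.e. during Page.ProcessPostData and before any page code runs, so a TryParse in the click handler is too late. A defensive pre-filter for that situation, added here as an example and not part of the original post or of Telerik's code: it assumes an IHttpModule named QuantityPostFilterModule (hypothetical) and that the control posts its raw value in the form field whose name ends in "$numQuantity", as in the dump above.

```csharp
using System;
using System.Globalization;
using System.Web;

// Hypothetical module: rejects a POST before ASP.NET hands the form data to the
// RadNumericTextBox, whenever a quantity field carries anything other than a plain
// integer in the control's declared range (MinValue="1"; Int16 caps it at 32767).
public class QuantityPostFilterModule : IHttpModule
{
    private const short MinQuantity = 1;

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpRequest request = app.Context.Request;
        if (!string.Equals(request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase))
            return;

        foreach (string key in request.Form.AllKeys)
        {
            // Assumption: only the control's UniqueID field ("...$atb$numQuantity") is
            // validated; the "_text" and "_ClientState" companions are not read here.
            if (key == null || !key.EndsWith("$numQuantity", StringComparison.Ordinal))
                continue;
            if (IsValidQuantity(request.Form[key]))
                continue;

            // Answer with a bare 400 and no exception page: nothing for the sender to learn.
            app.Context.Response.Clear();
            app.Context.Response.StatusCode = 400;
            app.Context.Response.StatusDescription = "Bad Request";
            app.CompleteRequest();
            return;
        }
    }

    // Accepts only decimal digits (no sign, whitespace, separators or exponent) that fit
    // an Int16 and meet the minimum, so "2rand[0,1,1]" and "" are both rejected.
    public static bool IsValidQuantity(string raw)
    {
        short qty;
        return !string.IsNullOrEmpty(raw) && raw.Length <= 5
            && short.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out qty)
            && qty >= MinQuantity;
    }

    public void Dispose() { }
}
```

Register the module in web.config (system.webServer/modules on IIS 7 integrated mode, system.web/httpModules otherwise) and log the rejected key and value from the handler if you want to keep counting attempts. Note also that the control's MaxValue="65535" exceeds Int16.MaxValue (32767), so the Int16.TryParse in the post's own code, like this filter, would reject a legitimate quantity above 32767; an Int32 parse or a smaller MaxValue removes that mismatch.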