This is a migrated thread and some comments may be shown as answers.

A potentially dangerous Request.Path value was detected from the client (&)

1 Answer 628 Views
Documentation and Tutorials
This is a migrated thread and some comments may be shown as answers.
Dogu
Top achievements
Rank 1
Dogu asked on 07 May 2014, 07:12 AM
Hi,

We have a problem and strongly suspicious about telerik components about this request.

Our firewall and .net seem the below url as dangerous because of first & sign. We checked our scripts and codes which has a potential to generate such a url, but we couldn't find.

http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7

Can you please check that your components may generate such a request url ?

We are getting first exception and then the second one, even we cannot find any strong relationship between them, they seems sequentially...

Telerik.Web.UI version : 2012.1.411.40
Telerik.Web.UI.Skins version : 2012.1.411.40
Telerik.Web.Design version : 2012.1.411.40

Thank you,
dogu

First exception:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 06.05.2014 08:48:24
Event time (UTC): 06.05.2014 05:48:24
Event ID: e2f92e7b72fb4fedbeacc2af4c66ffc3
Event sequence: 5897
Event occurrence: 4
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1/ROOT-1-130438116095242020
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\
    Machine name: xxx
 
Process information:
    Process ID: 9652
    Process name: w3wp.exe
    Account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
 
Exception information:
    Exception type: HttpException
    Exception message: A potentially dangerous Request.Path value was detected from the client (&).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
 
Request information:
    Request URL: http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7
    Request path: /$$$&?&?$$$
    User host address: 1.2.3.4
    User: 
    Is authenticated: False
    Authentication Type: 
    Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
 
Thread information:
    Thread ID: 148
    Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
    Is impersonating: False
    Stack trace:    at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Second Exception:
System.NullReferenceException: Object reference not set to an instance of an object.
   at Telerik.Web.UI.RadCompression.GetCompressionSettingAttribute()
   at Telerik.Web.UI.RadCompression.ShouldApplyOnPostback()
   at Telerik.Web.UI.RadCompression.ShouldExplicitlyAddContentEncoding()
   at Telerik.Web.UI.RadCompression.application_EndRequest(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

1 Answer, 1 is accepted

Sort by
0
Marin Bratanov
Telerik team
answered on 08 May 2014, 12:45 PM

Hi Dogu,

I have already answered your other thread with the same question: http://www.telerik.com/forums/a-potentially-dangerous-request-path-value-was-detected-from-the-client-(-)-8d3ade9d0c6e and I suggest we keep any further communication there.


Regards,

Marin Bratanov
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
Tags
Documentation and Tutorials
Asked by
Dogu
Top achievements
Rank 1
Answers by
Marin Bratanov
Telerik team
Share this question
or