titaniumbunker.com

Evil geniuses and world domination are 2 of our goals... we also like Dr Who

Searching on fighting knives throws error :

no comment
fighting knives - search error when searching

fighting knives – search error when searching

Thanks to Stuart Baldwin for pointing this one out : searching for anything on fightingknives.info for anything breaks the site, returning the message :

A potentially dangerous Request.Path value was detected from the client (&).

Looking at the favicon it appears to be a DotNet Nuke site – wow… that’s old – so old that I think this was originally running on the .NET 2 framework,

Anyway – the reason for this is the search url that the site navigates to when searching :

http://www.fightingknives.info/fighitngknivesinfo/search-results&Search=test

From the stack trace it seems that this site is running under .NET framework v4, and there were changes made to the v4 framework that extended request validation from only .aspx requests, to all requests.

To ‘fix’ this the site owner can add :

<httpRuntime requestValidationMode="2.0" />

To their web.config file, to prevent this from happening – or alter their application pool to use the older .NET frameworks (should be fine in version 2, may be fine in version 3 and 3.5)  I say’fix’ because really they should be perhaps looking to update to a newer version, or re-writing their search facility to not pass potentially dangerous characters into their own requests.

Thanks Stuart

Tags:

Comments are closed.



Categories

Archives

Tags