HellBound Hackers | Computer General | Web hacking

?

Guest
Posted on 18-06-08 19:06
I got this error when I was trying an XSS on a site and I don't know what it is, so maybe you can figure it out.


Server Error in '/' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ctl07$txtSearch=""/><marqee><h1>fallingm...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ctl07$txtSearch=""/><marqee><h1>fallingm...").

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ctl07$txtSearch=""/><marqee><h1>fallingm...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3308446
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108
System.Web.HttpRequest.get_Form() +119
System.Web.HttpRequest.get_HasForm() +57
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2070529
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6978
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.index_aspx.ProcessRequest(HttpContext context) +4
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +303
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64




--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.832; ASP.NET Version:2.0.50727.832





RE: ?

Guest
Posted on 18-06-08 19:25
Did you get an alert to pop up?


RE: ?

Guest
Posted on 18-06-08 19:27
I was using "/><marqee><h1>fallingmidget</h1></marquee>

But yeah, it worked. I was just wondering because this is like the 5th site today that was using .aspx that has done this.


RE: ?

I-O-W-A
Member
Posts: 206
Location: Somewhere Only I Know
Joined: 01.08.06
Rank: Apprentice
Posted on 18-06-08 19:43
.aspx pages are usually quite sophisticated web apps, so if you're getting that type of error it probably means that you've got more than just XSS vulnerabilities.


RE: ?

Guest
Posted on 18-06-08 19:56
Hence me asking. But so far I'm at 24 web sites that have given me that, all using

search.aspx?s="/><marquee><h1>fallingmidget</h1></marquee>




RE: ?

Guest
Posted on 18-06-08 20:08
I noticed you spelled marquee at the beginning marqee... would that affect it?

RE: ?

Guest
Posted on 18-06-08 20:10
No, just misspelled it. Sorry, it's fixed.


RE: ?

spyware
Member
Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 19-06-08 00:18
It's nothing. Well, you now have little information about the box you are trying to attack.

Yay.



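
The error page in the first post reached a remote visitor with its stack trace and version line, which ASP.NET does only when custom errors are turned off. The web.config below is an added example, not from the thread or from the site in question, showing that setting beside the corrected one; the `~/error.html` path is a hypothetical placeholder.

```xml
<!-- Added example: hypothetical web.config for an application like the one
     behind the error page quoted above. -->
<configuration>
  <system.web>

    <!-- Weak: with mode="Off" every client, local or remote, receives the
         detailed error page (exception type, stack trace, version line). -->
    <!-- <customErrors mode="Off" /> -->

    <!-- Corrected: remote clients are redirected to a generic page; the
         detailed page is shown only to requests made on the server itself.
         "~/error.html" is a placeholder for a static page you provide. -->
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html" />

    <!-- The error text explains how to turn debug compilation on for
         diagnosis; in production it stays off, as the same text advises. -->
    <compilation debug="false" />

    <!-- Keep request validation enabled. It rejected the posted form value
         before page code ran, but the error text itself recommends that the
         application also check all inputs explicitly, so treat it as a
         backstop and HTML-encode the search term wherever it is echoed. -->
    <pages validateRequest="true" />

  </system.web>
</configuration>
```

With these settings a rejected request still raises `HttpRequestValidationException` on the server, where it can be logged, but the visitor sees only the generic page.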