Now a days I have a problem of attack on my db mostly in tables where i upload files and saving its path in string formatwhat are the problems i dont know please give solution to prevent from it ltdiv styledisplaynonegterotic adult nonconcensual sex short stories lta hrefhttpastrobixcomastroblogpagepervertedstoriesadultvideoaspxgtgoltagt lesbian adultyouth storiesltdivgtabove metioned part of string appeded in each record of my db table after appending re

Hi PrasunjeetThis is a CrossSite scripting attackYou can set the validateRequest to true at the application levelin config or set it at the page level in page directive For more details refer the below linksltsystemwebgt ltpages buffer34true34 validateRequest34true34 gtltsystemwebgthttpsmsdnmicrosoftcomenuslibraryff649310aspxhttpsmsdnmicrosoftcomenuslibraryff648339aspx

Prevent Script Attacks in ASP.Net

Prasunje...

SOLVED CLOSED ACTIVE ANSWERED
User: Prasunjeet
Posted: on Dec 09, 2015 06:30 AM
Forum: ASP.Net Web Forms
Answer: 1
Views: 2612

Now a days I have a problem of attack on my db mostly in tables where i upload files and saving its path in string format.

what are the problems i dont know? please give solution to prevent from it.

<div style="display:none">erotic adult non-concensual sex short stories <a href="http://astrobix.com/astroblog/page/perverted-stories-adult-video.aspx">go</a> lesbian adult-youth stories</div>

above metioned part of string appeded in each record of my db table

after appending record like below

/myUploads/pressRelease/1.png<div style="display:none">erotic adult non-concensual sex short stories <a href="http://astrobix.com/astroblog/page/perverted-stories-adult-video.aspx">go</a> lesbian adult-youth stories</div>

please give solution to prevent from this kind of attack.

Download FREE API for Word, Excel and PDF in ASP.Net

dharmend...

0 1

Reply
ANSWER
User: dharmendr
Replied: on Dec 09, 2015 06:48 AM
Report

Hi Prasunjeet,

This is a Cross-Site scripting attack.You can set the "validateRequest" to "true" at the application level(in config), or set it at the page level in page directive. For more details refer the below links.

<system.web>
  <pages buffer="true" validateRequest="true" />
</system.web>

https://msdn.microsoft.com/en-us/library/ff649310.aspx

https://msdn.microsoft.com/en-us/library/ff648339.aspx

I agree, here is the link: https://www.e-iceblue.com/Introduce/spire-office-for-net-free.html

Prevent Script Attacks in ASP.Net

Company

Explore

Follow us

Contact Us