Potentially dangerous Request.Form value - Exception

Question

today I receive multiple (50->*) e-mails regarding:

A potentially dangerous Request.Form value was detected from the client (ctl00$Content$InputStreet="OzgYPY  <a href="http://effe...").

and

A potentially dangerous Request.Form value was detected from the client (ctl00$Content$InputStreet="GVdtWm  <a href="http://mxif...").

and

...

on one of my websites. In Global I have some code which sends e-mail when exceptions occur.

The IP address the requests come from is not the same. Is my site under some kind of attack?

Best regards, Lasse Espeholt

Answer 1

These kind of attacks are common, we're monitoring several hundred sites for clients and are building a database of these attacks currently.

The fact that ASP.NET protects against these is good. you're 'secure by default'.

Cheers,

Phil.

Answer 2

I think we'd need more detail to be sure but from the message in the email it looks as if someone is entering a value in your Street field that .NET is regarding as dangerous. This could be a number of things, I see from your profile you are form Denmark, are the Street names there likely to contain anything dangerous?

Examples are < and >.

It could just be a really eager user who wants to sign-up? Or a bunch of people from the same area?

What's the context of the site?

Answer 3

It might be a script injection attack, something/some one is trying to update your form InputStreet input field with script. More info about script injection attacks

Further info: Script injection attacks and ASP.NET