Request made to URL containing pieces of code

Question

I found in the error logs of my website requests made to URLs containing invalid characters. The URLs that are requested are made of pieces of code, e.g:

/Templat<div class="right-se

*The URLs are always a mix of pieces of code. Different parts from different places in the same page. Liket the example above, which the first part is a path to the CSS file and the second is a HTML tag.

I have been analyzing all the errors found to try to find a pattern, but no luck. They happen in different pages, of different types.

The only two pattern I seem to find is that all the URLs or most of the start with '/Templates' or a piece of that text '/T' and that all the errors are in IE7 and IE8

This is the error shown in the logs:

Class and function: Global.asax.Application_Error
Exception type: 
Message: RawUrl: /T        <div id=
Referrer path and query: /aboutus
User web browser: IE. Version: 8.0.

A potentially dangerous Request.Path value was detected from the client (<).
Stack trace:    at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

I have not been able to reproduce the error in the test environment or production, and don't know really where to start looking at my code.

The website is made in ASP .NET running in IIS7 with .NET 4.0

Thanks

Answer 1

ASP .Net does a request validation for preventing different "hacking" attacks. When an input looks like that, it raises these errors.
Many crawlers scan websites, some might be asked to do this (your company paid for) other simply to find vulnerabilities and exploit them. The requested URLs might not look with something you have in the sitemap.