Snitz Forums 2000 - Keeping the querystring-injectors out

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Snitz Forums 2000 MOD-Group

MOD Add-On Forum (W/Code)

Keeping the querystring-injectors out

New Topic

Reply to Topic

Printer Friendly

Author

Topic

Page: of 2

Giumer
Junior Member

Italy
163 Posts

Posted - 26 December 2012 : 11:26:59

but the page does not mean 404 page not found?

=======================
http://www.Giumer.it/forum

=======================

Carefree
Advanced Member

Philippines
4207 Posts

Posted - 26 December 2012 : 12:31:03

quote:
Originally posted by HuwR

strictly speaking you should be issuing a 400 Bad Request not a 401 Unauthorized

Maybe so ... but if someone is trying to hack me, I think "unauthorized" is precisely what I want to say.

quote:
Originally posted by Giumer

but the page does not mean 404 page not found?

No. The page is found, but the query string passed isn't allowed. If you want a custom 404 page, that's a whole different topic.

Edited by - Carefree on 26 December 2012 12:33:54

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 26 December 2012 : 13:01:15

Unauthorized normally implies it has failed authentication, but in fact you are failing it due to bad request parameters being passed not because it is failing any kind of authentication.

MVC .net dev/test site | MVC .net running on Raspberry Pi

Carefree
Advanced Member

Philippines
4207 Posts

Posted - 30 December 2012 : 00:30:22

quote:
Originally posted by Giumer

ok !! Grazie !! test !! http://giumer.it/forum/topic.asp?topic_id=6205+lamehackattack$

Works perfectly (in my opinion LOL). Testing it as "http://giumer.it/forum/default.asp?id=!#test" results in the attempted hack message.

Edited by - Carefree on 30 December 2012 00:31:42

Page: of 2

Topic

New Topic

Reply to Topic

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.05 seconds.