Tuesday, 11 October 2016

What is this attack vector?

I've recently started seeing in my log file lots of bad requests that look like this:

http://ift.tt/2dYqZbn

(example.com, here, is MY application domain.)

This is rejected by my ASP.NET application with the message "A potentially dangerous Request.Path value was detected from the client", so it isn't causing harm. Yet.

But, even when they don't work, I want to understand the nature of the attack, so I can defend against future versions of it. Here I don't understand what the goal is. The URL that they've tried to inject isn't even valid. There's only one slash after the https and there's no top-level domain (just adserver.video). So even if they tricked me or the user into clicking this, I can't see how it would accomplish anything.

Finally, the server logs show that the referrer is also example.com, so I'm wondering if that's faked, or if they're hijacking links on the page and submitting them with script, or waiting for the user to click on them, in which case they're breaking the site, because the links are now poisoned by the bad request. This would be something I need to address.

So, what's going on here, and how can I prevent it?
