StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POInvalid Viewstate with Hack Attempt -1 in String
text
Body
copied!<p>Update, the question is: Can I block the form string value of -1' before it hits Global.asax? </p> <p>So, we get these errors in Global.asax fairly consistently. It is a form based, bot hack attempt that tries to pass invalid form values. The one thing that stays the same is that one of the form values is "-1". If I can block that, then I would be ok. However, I can't block it on the page because Global.asax is getting the error first and causing the page error. How can I check for this string and stop processing? </p> <pre><code>Error Message: System.FormatException: Invalid length for a Base-64 char array. at System.Convert.FromBase64String(String s) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) at System.Web.UI.HiddenFieldPageStatePersister.Load() Form Values: advsearch:1 keywords: ctl00$footer1$ddlcurrency:1 ctl00$cpmaincontent$ddlcategory:170 ctl00$cpmaincontent$ddlsubcategory:0 ctl00$cpmaincontent$ddlsortby:0 ctl00$ucfooter$ddlcurrency:1 __viewstate:/... __eventvalidation:/... ctl00$footer1$sitepath:1 ctl00$ucheader$hdnsplitedval:1 ctl00$ucheader$txtsearch:1 ctl00$ucheader$btnsearch:search ctl00$cpmaincontent$txtkeyword:1 ctl00$cpmaincontent$btnsearch:1 ctl00$cpmaincontent$uccolleft$hfcatname:1 ctl00$cpmaincontent$uccolleft$hfsubcatname:0 ctl00$ucfooter$sitepath:-1'<-------- </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload