This is a follow-up to my post back in August: Asks for AD credentials / "Connection Interrupted" on Postback
The issue popped up again for a new record and I have determined that the offending text is "... Sharepoint site[semi-colon] update team schedule ...". Notice that "[semi-colon] update team"? It's perfectly valid, not SQL injection. Change it to a comma, it submits no problem. Change the "update" to another SQL keyword, the user gets prompted for their credentials (which are always rejected) and then displays the IIS 401.1 page.
Yes, you need to replace the [semi-colon] with the character, because SO won't let me post.
In the @Page, I have ValidateRequest="false" (yes, the contents from the textboxes are going through HttpUtility.HtmlEncode as parameterized input to a stored procedure)
Any ideas?
This sounds like a load balancer or similar that is seeing ;update and suspecting SQL injection. Look for a piece of offending hardware between you and the web server.
To confirm, try posting the offending text from a session directly on the web server itself. I am guessing that you will have no problem doing so.
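The behaviour discussed in this thread can be reproduced offline. The following is an added example, not code from the original posts: it assumes a hypothetical pattern-matching rule of the kind an inline device might apply (the rule, function names and sample strings are all constructed here) and runs it beside a parameterized insert, showing that the text is harmless to the database while still tripping the filter.

```python
import re
import sqlite3

# Hypothetical signature (an assumption, not taken from any real product):
# a statement separator followed by a SQL verb.
NAIVE_SQLI_SIGNATURE = re.compile(
    r";\s*(select|insert|update|delete|drop|exec)\b", re.IGNORECASE
)

def filter_blocks(body):
    """Return True if the hypothetical inline filter would reject this body."""
    return NAIVE_SQLI_SIGNATURE.search(body) is not None

def store_note(conn, text):
    """Parameterized insert: the text is bound as data, never parsed as SQL."""
    cur = conn.execute("INSERT INTO notes (body) VALUES (?)", (text,))
    conn.commit()
    return cur.lastrowid

def triage(samples):
    """For each sample: (text, would the filter block it, stored verbatim?)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    results = []
    for text in samples:
        rowid = store_note(conn, text)
        stored = conn.execute(
            "SELECT body FROM notes WHERE id = ?", (rowid,)
        ).fetchone()[0]
        results.append((text, filter_blocks(text), stored == text))
    conn.close()
    return results

# Constructed sample inputs modelled on the text quoted in the question.
SAMPLES = [
    "Sharepoint site; update team schedule",  # original wording
    "Sharepoint site, update team schedule",  # comma instead of semicolon
    "Sharepoint site; delete team schedule",  # different SQL keyword
    "Sharepoint site; review team schedule",  # semicolon, no SQL keyword
]

if __name__ == "__main__":
    for text, blocked, intact in triage(SAMPLES):
        print(f"blocked={blocked!s:5} stored_intact={intact!s:5} {text}")
```

Every sample is stored intact by the parameterized statement, so a rejection that follows the separator-plus-keyword pattern points at something in front of the application rather than at the application or the database.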