I have my web site set up to e-mail me when an error occurs.
I just got an e-mail saying;
A potentially dangerous Request.Form value was detected from the client (="StackTrace
http://(NotMyName).com/default.aspx?-d+allow_url_include=1+-d+auto_prepend_file=php://input
(The querystring is definately NOT anything generated by any of our code....
Some limited web research indicates this is likely a hack attempt. Any suggestions about where I should look for further clues?
We uses the membership provider with asp.net 4.0. EVERY page in the web first checks to be sure the user is authenticated and redirects to the logon page if they are not. Data is in SQL Server, and some is in APP_DATA folder (nothing private is outside of these locations).
Thoughts?