Sign in to follow this  
geo2004

[web] Composite Control wierd UrlReferrer.Host

Recommended Posts

I have a ASP .Net 2.0 Composite Control that I created at work. It is a simple control used to gather information like name, address, email, phone. We host this form on several different pages throughout our domain. We want to track how much traffic each form gets, so I get the domain from Context.Request.UrlReferrer.Host, and I get the page from Context.Request.UrlReferrer.AbsolutePath. With this information we can track exactly how much traffic each form gets. We noticed today that we have some info in our database that came from one of these forms, but the domain and page are ones we've never heard of before (I know its from code executed on this form because we insert a certain 'created by' parameter for that row in the database). I'm trying to figure out how this is possible? Is it possible for a bot or something to fill out the info on the page, and somehow trick it to think its being referred from a different page? Or is someone actually able to host this form on their site? I'm not a security guru by any means, but both of these seem very unlikely. Does anyone know how something like this might be done? Note: The dll for the control is kept in the /bin folder of our site, not the GAC, if that matters at all. Thanks, Geo

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this