Does the filter break multipart/formdata forms?

Jun 17, 2008 at 2:11 PM

Hello all,

When the filter is installed on our webserver (server 2003), forms which are marked as multipart/formdata forms stop working.

The following error message is shown:

Microsoft VBScript runtime error '800a0005'
<?xml:namespace prefix = o /><o:p></o:p>

Invalid procedure call or argument: 'MidB'


Are we doing something wrong or is there are workaround known?

Thank you in advance for your reply.

Martijn van Mechelen

Jun 18, 2008 at 11:21 AM
Hi,

We are also having trouble problems with multipart/formdata forms. In fact we can't use this program at all since it doesn't seem to work with uploads. We are using aspSmartUpload for uploads and it always worked fine until we installed this program.

We had to uninstall it for the time been.

Is there something we maybe are doing wrong or is there a fix for this in the near future?

Thank you in advance,

Lars FORNELL
Coordinator
Jun 18, 2008 at 5:02 PM

You are probably right. The filter is not treating uploads differently. Can you send me the netmon of the request so I can see how to remedy/fix this?

 

Thanks,

 

Rodney

Jun 19, 2008 at 11:06 AM
The error I get is  "Subscript out of range". This error normally only occurs when you have not specified " enctype="multipart/form-data"" in your form.

When I create the object "Set Upl = Server.CreateObject("aspSmartUpload.SmartUpload")" it works fine but when I do the actual upload by "Upl.Upload" the connection to serveur breaks.

I suspect that the filter can't handly binary requests.

Lars
Jun 23, 2008 at 12:09 PM
I'm sorry. It's not possible to get a netmon from the provider.

Maybe somebody else can provide a netmon for this problem?

Martijn
Jun 23, 2008 at 3:35 PM
Sinnce we have our own server we could obtain a netmon.

The only thing is that I don't really know too well how to do this.

How do I obtain a netmon of the request on a Windows Server 2003 IIS ?

Lars

martijnvm wrote:
I'm sorry. It's not possible to get a netmon from the provider.

Maybe somebody else can provide a netmon for this problem?

Martijn


Jun 23, 2008 at 11:55 PM
I am fighting the boost errors in the solution I downloaded.  I can't build the solution. I got the following error :

Error 1 fatal error C1083: Cannot open include file: 'boost/regex.hpp': No such file or directory c:\documents and settings\ryan\desktop\iis6sqlinjection-7391\isapiclipsqlinjection\isapiclipsqlinjection\sqlcleanup.h 4 


When I have the ISAPI installed and running on my website I get errors during upload and also when I am requesting ServerVariables.

Request.ServerVariables("QUERY_STRING") always returns an empty string. It doesn't really throw an error, but it is not working correctly.


Jun 24, 2008 at 11:53 AM
This is the netmon of the request I send:

---8<----------------------------------------
  Frame:
- Ethernet: Etype = Internet IP (IPv4)
  - DestinationAddress: Netgear, Inc. BD73EF
     IG:  (0.......) Individual address
     UL:  (.0......) Universally Administered Address
     Rsv: (..000000)
  - SourceAddress: Netgear Inc. 18C1C4
     UL: .0...... Universally Administered Address
    EthernetType: Internet IP (IPv4), 2048(0x800)
- Ipv4: Next Protocol = TCP, Packet ID = 32682, Total IP Length = 1500
  - Versions: IPv4, Internet Protocol; Header Length = 20
     Version:      (0100....) IPv4, Internet Protocol
     HeaderLength: (....0101) 20 bytes (0x5)
  - DifferentiatedServicesField: DSCP: 0, ECN: 0
     DSCP: (000000..) Differentiated services codepoint 0
     ECT:  (......0.) ECN-Capable Transport not set
     CE:   (.......0) ECN-CE not set
    TotalLength: 1500 (0x5DC)
    Identification: 32682 (0x7FAA)
  - FragmentFlags: 16384 (0x4000)
     Reserved: (0...............)
     DF:       (.1..............) Do not fragment
     MF:       (..0.............) This is the last fragment
     Offset:   (...0000000000000) 0
    TimeToLive: 127 (0x7F)
    NextProtocol: TCP, 6(0x6)
    Checksum: 24463 (0x5F8F)
    SourceAddress: 10.1.1.1
    DestinationAddress: 10.1.1.224
- Tcp: Flags=....A..., SrcPort=3636, DstPort=HTTP(80), Len=1460, Seq=3764422374 - 3764423834, Ack=1898161022, Win=65535 (scale factor not found)
    SrcPort: 3636
    DstPort: HTTP(80)
    SequenceNumber: 3764422374 (0xE06086E6)
    AcknowledgementNumber: 1898161022 (0x7123A37E)
  - DataOffset: 80 (0x50)
     DataOffset: (0101....) (20 bytes)
     Reserved:   (....000.)
     NS:         (.......0) Nonce Sum not significant
  - Flags: ....A...
     CWR:    (0.......) CWR not significant
     ECE:    (.0......) ECN-Echo not significant
     Urgent: (..0.....) Not Urgent Data
     Ack:    (...1....) Acknowledgement field significant
     Push:   (....0...) No Push Function
     Reset:  (.....0..) No Reset
     Syn:    (......0.) Not Synchronize sequence numbers
     Fin:    (.......0) Not End of data
    TCPContinuationLastSegment:
    Window: 65535 (scale factor not found)
    Checksum: 307 (0x133)
    UrgentPointer: 0 (0x0)
    TCPPayload:
- Http: Request, POST /schuss/extranet/logement.asp
  - Request:
     Command: POST
   - URI: /schuss/extranet/logement.asp?action=addphotox&id_logement=4&id_logement_photo=0
    - Uri:
       Location: /schuss/extranet/logement.asp
       action: addphotox
       id_logement: 4
       id_logement_photo: 0
     ProtocolVersion: HTTP/1.1
     Host:  champion
     UserAgent:  Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9) Gecko/2008052906 Firefox/3.0
     Accept:  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language:  fr
     Accept-Encoding:  gzip,deflate
     Accept-Charset:  ISO-8859-1,utf-8;q=0.7,*;q=0.7
     Keep-Alive:  300
     Connection:  keep-alive
     Referer:  http://champion/schuss/extranet/logement.asp?action=addphoto&id_logement=4&id_logement_photo=0
     Cookie:  AJSTAT_ok_times=1; ASPSESSIONIDAQBBSATD=AALHGMGABBNKMFDMMLEIJBCA
     ContentType:  multipart/form-data; boundary=---------------------------265001916915724
     ContentLength:  110080
     HeaderEnd: CRLF
    payload: HttpContentType =  multipart/form-data; boundary=---------------------------265001916915724
- Mime: MediaType = image/jpeg
  - Header: -----------------------------265001916915724
     -----------------------------265001916915724
:
  - Header: Content-Disposition: form-data; name="photo"; filename="Hiver.jpg"
     Content-Disposition:  form-data; name="photo"; filename="Hiver.jpg"
  - Header: Content-Type: image/jpeg
   - ContentType:  image/jpeg
      WhiteSpace: 32 (0x20)
      MediaType: image
      SubType: jpeg - JPEG image
    HeaderEnd: CRLF
    ImageBody: Binary Large Object (604 Bytes)

---8<----------------------------------------
Coordinator
Jun 25, 2008 at 6:04 AM
Hi Lars,

For what I've seen in your netmon it won't work in the current version. I will take this in consideration for the new version I am working on.

Thanks,

Rodney
Sep 8, 2008 at 10:52 AM
Hi Rodney,

Could you let me know if this issue is resolved in your new 1.5 release?

Thanks!

Martijn
Coordinator
Sep 10, 2008 at 2:03 AM
Hi Martijn,

It is not resolved. Send me a sample app and I will make it work.
Sep 18, 2008 at 12:00 PM
Hi Rodney,

Did you receive the sample app?

Martijn van Mechelen
Coordinator
Sep 24, 2008 at 9:07 PM

Hi Martijn,

 

Yes, I did. Thanks. I am working on the new version which will enable your upload to run.

 

Thanks,

 

Rodney

Sep 29, 2008 at 8:59 AM
Hi Rodney,

That's great news! Thank you very much.

Martijn van Mechelen
Coordinator
Nov 5, 2008 at 4:13 PM

Hi Martijn,

Please download version 2 beta and add an exclusion to the file you do not want filtered.

 

Thanks,

 

Rodney

Nov 25, 2008 at 9:31 AM
Hi Rodney,

I've downloaded the version beta and installed it. Thank you for supplying it.

The pages/forms which were broken by the filter all use a class which is included to handle the uploading of a file.

Is it necessary to make an exception for the included file, or for all the asp files which use this include?

Martijn van Mechelen
Coordinator
Nov 25, 2008 at 3:00 PM
Hi Martijnvm,

The exclusion is necessary for all pages receiving these files. It means if there is more than one page receiving uploaded files, you have to make the exclusion. You don't have to make exclusions to pages sending the file if they are not handling the receiving. Also, you will have to review manually these excluded files since they will be prone to sql injections.
Jan 20, 2009 at 2:00 PM
Hi Rodney

Thank you very much for adding an exclusion facility. I am actually having a problem trying to exclude specific files.

I am uploading multipart data which results in the error: Server Error - The server was unable to process your request. This can also occur with URLencoded forms depending on the content. I was hoping to be able to use the exclusion element to bypass the check routine.

I specified the filenames to the pages that were receiving the form content and it results in the error above. I performed an IIS reset upon adding the filenames as per the confirmation message.

Interestingly the first time i added filenames to the exclusion list, they were not stored. I tried again and they were stored fine. I also confirmed in the registry key.

Do you have any suggestions as to what may be causing this?

Many thanks

James
Dec 29, 2010 at 10:45 PM

I know its been a long time.  But this Server Error when uploading images is still persistent.  Is there any fix for it?