request.form checking and binaryread

josver (Programmer, DE)
Aug 6, 2008
Hi,

I have an ASP / VB6 web application, basically a CMS generating web sites with a lot of classic ASP pages and a VB6 COM component.

Recently our servers (like everyone else's) are under so-called cross site script attacks, meaning that the attacker tries to gain entry by passing malicious code in the request object (request.querystring and request.form).

Luckily all ASP pages first call an initial function in a VB COM component before doing anything else and pass their request object for use by the com component.

Since this is the ideal place to test for script hacks (invalid malicious request.querystring and request.form strings) I coded a "checkforhack" function.

On the .querystring side there is no problem, but on the .form side, some of the application and/or web site forms are standard text forms and some are upload forms with binary data.
I cannot test binary forms for hack attempts (I'll have to do that in a function handling upload, of which there is only one), but I can test standard forms for malicious strings.

My question is this:

Is there a test to detect which type of form I am dealing with, without provoking the message "cannot call binary read after using the forms collection"?
In other words, can I detect in the request object whether this is a normal text form or a binary data form WITHOUT using the forms collection (which provokes the error)?

I cannot use request.TotalBytes, since that is set on standard forms too to a nonzero value, I tried using request.form.count, since that seems to be 0 on binary forms, but then of course I get the infamous message when the form is processed since I use the forms collection.

I would like to access something like the enctype of the form, since that is set in binary forms to enctype="multipart/form-data".

Our servers are under heavy attack right now, and I would like to close this potential hole, so any suggestions are VERY welcome.

Jos Verhoeff

In case anyone has this problem, I found the solution in the request.servervariables("CONTENT_TYPE") variable:

Private Function GetFormEncType()
    Dim sContType, hCutOff

    ' CONTENT_TYPE holds e.g. "multipart/form-data; boundary=..." or
    ' "application/x-www-form-urlencoded"; keep only the media type
    ' before the first ";" and normalise it for comparison
    sContType = Request.ServerVariables("CONTENT_TYPE")
    hCutOff = InStr(sContType, ";")
    If hCutOff > 0 Then
        sContType = UCase(Trim(Left(sContType, hCutOff - 1)))
    Else
        sContType = UCase(Trim(sContType))
    End If
    GetFormEncType = sContType
End Function

' Only POSTs carry a form body; a multipart POST is a binary upload form,
' so the text-form hack check (which reads Request.Form) is skipped for it
If UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST" Then
    If UCase(GetFormEncType) = "MULTIPART/FORM-DATA" Then
        ' binary upload form: leave the body for the upload handler's BinaryRead
    End If
End If
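As an added example (not code from the original post), the CONTENT_TYPE check above extended into a single dispatcher for the page's entry point: the media type decides whether the body is read with Request.BinaryRead or scanned through Request.Form, so the two are never both used on one request and the "cannot call binary read" error cannot occur. HandleUpload and LooksSuspicious are hypothetical stand-ins for the poster's own upload routine and CheckForHack rules; the regular expression is constructed for illustration.

```vbscript
Dim sKey, bBody

' Media type from the Content-Type header, upper-cased, with any parameters
' (e.g. "; boundary=..." or "; charset=utf-8") stripped off.
Function GetMediaType()
    Dim sContType, hCutOff
    sContType = Request.ServerVariables("CONTENT_TYPE")
    hCutOff = InStr(sContType, ";")
    If hCutOff > 0 Then sContType = Left(sContType, hCutOff - 1)
    GetMediaType = UCase(Trim(sContType))
End Function

' Hypothetical stand-in for the poster's CheckForHack: flags a text field
' that carries markup or script fragments. The pattern is constructed for
' this example; a deny list like this only catches the obvious cases, so
' validate each field against what it is allowed to contain as well.
Function LooksSuspicious(sValue)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "<\s*script|javascript:|\bon\w+\s*="
    LooksSuspicious = re.Test(sValue)
End Function

If UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST" Then
    Select Case GetMediaType()
        Case "MULTIPART/FORM-DATA"
            ' Upload form: read the raw body once and pass it on. Do not
            ' touch Request.Form anywhere on this request.
            bBody = Request.BinaryRead(Request.TotalBytes)
            ' HandleUpload bBody   ' hypothetical existing upload routine
        Case "APPLICATION/X-WWW-FORM-URLENCODED"
            ' Text form: iterating Request.Form is safe here, but after this
            ' point BinaryRead would raise the same "cannot call" error.
            For Each sKey In Request.Form
                If LooksSuspicious(Request.Form(sKey)) Then
                    Response.Status = "400 Bad Request"
                    Response.Write "Rejected field: " & Server.HTMLEncode(sKey)
                    Response.End
                End If
            Next
        Case Else
            ' Any other or missing Content-Type on a POST is not expected
            ' from the CMS's own forms; refuse it rather than guess.
            Response.Status = "415 Unsupported Media Type"
            Response.End
    End Select
End If
```

The block runs inside the page's script delimiters (or the equivalent in the COM component that receives the Request object); the same guard protects the reverse case, since a handler that has called BinaryRead must not read Request.Form afterwards either.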
