[thelist] Possible Bug Form Validation ASP

Wayne wayne at freelance-developer.co.uk
Wed Feb 23 19:29:43 CST 2005 

I stand corrected. I actually heard about that at a security conference I went to whilst at college a couple of years ago, obviously a bit hazy now. However the MaxClientRequestBuffer variable can be set in IIS's Metabase, which could cause the original issue discussed where URL post data is lost in transmission. How likely this is I don't know, though apparently where webdav is used in conjunction with Server 2003 this is a likelyhood.
Regards

-------------------------------------------- 
w: www.freelance-developer.co.uk 
e: wayne at freelance-developer.co.uk 
p: 07786 282 068 
   
-------------------------------------------- 
  FreeExpressionAsRevolution 
-------------------------------------------- 

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org]On Behalf Of Ken Schaefer
Sent: 24 February 2005 00:36
To: thelist at lists.evolt.org
Subject: RE: [thelist] Possible Bug Form Validation ASP


The assertion that you are limited to 1024 characters in the querystring is
incorrect AFAIK. There is no arbitrary limit with IIS that I am aware of. 

Additionally, the buffer overflow(s) (since there were several) that you
speak of was within an ISAPI Extension, not "ISAPI" itself, nor in IIS'
native handling of the querystring. So, the over flow occurred after IIS had
already looked at the request, and handed it off to an ISAPI Extension for
processing, and the ISAPI extension couldn't handle more than a certain
number of characters.

Cheers
Ken

: -----Original Message-----
: From: thelist-bounces-ken=adopenstatic.com at lists.evolt.org
: [mailto:thelist-bounces-ken=adopenstatic.com at lists.evolt.org] On Behalf Of
: Wayne
: Sent: Thursday, 24 February 2005 10:41 AM
: To: thelist at lists.evolt.org
: Subject: RE: [thelist] Possible Bug Form Validation ASP
: 
: 
: Thats because a URL is limited to 1024 bytes, this used to be exploited
: using the ISAPI buffer overlfow hack whereby you could take control of an
: (IIS(older)) server by sending code in an URL which exceedes that
: limitation(eventually it would get run).
: 
: w
: 
: 
: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
: [mailto:thelist-bounces at lists.evolt.org]On Behalf Of Rob Smith
: Sent: 23 February 2005 18:37
: To: 'thelist at lists.evolt.org'
: Subject: RE: [thelist] Possible Bug Form Validation ASP
: 
: 
: <snip author="Matt Warden">
:   So, you are saying that the code you posted works, but the following
: does
: not?
: 
:   <%
:    if not request.form("submit") = "" then
:      ...
:    end if
:   %>
:   <html>
:   <form method="post" action="add.asp"></form>
:   </html>
: </snip>
: 
: That's correct. I even set up a <%="Hello?"%> inside the first test there.
: No dice.
: 
: <tip type="Mixing Textareas and Method=get">
: Don't do it. request.querysting("textarea_name") (and possibly
: $_get["textarea_name"]) only retrieves the first line of material. Use
: method="post" instead of method="get" when retrieving that info.
: 
: Just spent 10 minutes figuring out why an update query wasn't working when
: using request.querystring("comments") and textareas. It knew that there
: was
: more, but the information was truncated, along with the null end
: terminating
: character. I hope that made sense.
: 
: ...unless someone can prove me wrong.
: </tip>
: 
: Rob
: --
: 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
: 
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !
: --
: 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
: 
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !
-- 

* * Please support the community that supports you.  * *
http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt !

More information about the thelist mailing list