[thelist] Possible Bug Form Validation ASP

Ken Schaefer Ken at adOpenStatic.com
Wed Feb 23 18:35:42 CST 2005


The assertion that you are limited to 1024 characters in the querystring is
incorrect AFAIK. There is no arbitrary limit with IIS that I am aware of. 

Additionally, the buffer overflow(s) (since there were several) that you
speak of was within an ISAPI Extension, not "ISAPI" itself, nor in IIS'
native handling of the querystring. So, the overflow occurred after IIS had
already looked at the request, and handed it off to an ISAPI Extension for
processing, and the ISAPI extension couldn't handle more than a certain
number of characters.

Cheers
Ken

: -----Original Message-----
: From: thelist-bounces-ken=adopenstatic.com at lists.evolt.org
: [mailto:thelist-bounces-ken=adopenstatic.com at lists.evolt.org] On Behalf Of
: Wayne
: Sent: Thursday, 24 February 2005 10:41 AM
: To: thelist at lists.evolt.org
: Subject: RE: [thelist] Possible Bug Form Validation ASP
: 
: 
: That's because a URL is limited to 1024 bytes, this used to be exploited
: using the ISAPI buffer overflow hack whereby you could take control of an
: (IIS(older)) server by sending code in a URL which exceeds that
: limitation (eventually it would get run).
: 
: w
: 
: 
: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
: [mailto:thelist-bounces at lists.evolt.org]On Behalf Of Rob Smith
: Sent: 23 February 2005 18:37
: To: 'thelist at lists.evolt.org'
: Subject: RE: [thelist] Possible Bug Form Validation ASP
: 
: 
: <snip author="Matt Warden">
:   So, you are saying that the code you posted works, but the following
:   does not?
: 
:   <%
:    if not request.form("submit") = "" then
:      ...
:    end if
:   %>
:   <html>
:   <form method="post" action="add.asp"></form>
:   </html>
: </snip>
: 
: That's correct. I even set up a <%="Hello?"%> inside the first test there.
: No dice.
: 
: <tip type="Mixing Textareas and Method=get">
: Don't do it. request.querystring("textarea_name") (and possibly
: $_get["textarea_name"]) only retrieves the first line of material. Use
: method="post" instead of method="get" when retrieving that info.
: 
: Just spent 10 minutes figuring out why an update query wasn't working when
: using request.querystring("comments") and textareas. It knew that there
: was more, but the information was truncated, along with the null end
: terminating character. I hope that made sense.
: 
: ...unless someone can prove me wrong.
: </tip>
: 
: Rob
: --
: 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
: 
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !

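The layering described in the reply at the top of this thread, where the server accepts the request and the extension is the component that must cope with its length, as an added example that is not part of the original thread and is not Microsoft or ISAPI code. The names `request_block`, `ext_handle` and `EXT_BUF_SIZE` are hypothetical stand-ins, and the sample query strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the block a server hands to an extension;
   these names are assumptions, not the real ISAPI types. */
struct request_block {
    const char *query_string;  /* NUL-terminated; length chosen by the client */
};

#define EXT_BUF_SIZE 256       /* constructed value: the extension's own limit */

enum ext_status { EXT_OK, EXT_TOO_LONG, EXT_BAD_REQUEST };

/* The server has already accepted the request, so the extension must
   enforce its own limit before copying into its fixed-size buffer. */
enum ext_status ext_handle(const struct request_block *req,
                           char out[EXT_BUF_SIZE], size_t *out_len)
{
    size_t len = 0;

    if (req == NULL || req->query_string == NULL || out == NULL)
        return EXT_BAD_REQUEST;

    /* Bounded scan: stop at the terminator or at the buffer size. */
    while (len < EXT_BUF_SIZE && req->query_string[len] != '\0')
        len++;
    if (len == EXT_BUF_SIZE)
        return EXT_TOO_LONG;   /* would not fit with its terminator: reject */

    memcpy(out, req->query_string, len + 1);  /* len + 1 <= EXT_BUF_SIZE */
    if (out_len != NULL)
        *out_len = len;
    return EXT_OK;
}

int main(void)
{
    char big[2001], out[EXT_BUF_SIZE];   /* constructed sample inputs */
    struct request_block ok = { "id=42&comments=hello" }, bad = { big };
    size_t n = 0;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", ext_handle(&ok, out, &n));
    printf("long:  %d\n", ext_handle(&bad, out, &n));
    return 0;
}
```

The oversized request is rejected with a status code rather than truncated, so the caller can answer with an error instead of processing a partial query string.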