Aurel
Jan 15, 2019

ASM : Multipart/form-data parameter value violation

Hello. After spending some time reading and searching, I can't find complete information to understand my blocking. ASM has blocked multipart/form-data content from a POST request. First is SQL injection 200002305 (sig ID) for content that looks like JSON. I will set a JSON profile for this and see. But the other violations (which I am looking for an explanation of) don't look like JSON but more like JavaScript code. Detected keywords are 'javacript' and 'href', and also 'id' (execution attempt violation).

 

My first question: ASM interprets the following pattern (control name) "app_generated_name" as a parameter; is this correct behaviour? Content-Disposition: form-data; name="_app_generated_name"

 

Second question: ASM finds JavaScript code content inside those "parameter" values; how does that sound to you? It seems to be the application design, so I am afraid I will have to create an exception for that.

 

Thanks a lot for any experience sharing on this.

 

1 Reply

    1. If you have:

      Content-Disposition: form-data; name="_app_generated_name" then yes, "_app_generated_name" is a parameter and is being correctly recognised.

       

    2. If a POST parameter value contains bits of JavaScript, ASM will of course block it, as this looks like a code injection attack. There might be some legit reason for it, if this is how your application works (for example, if it is a CMS/Content Management System, then users with editor privileges can upload content; however, regular users/visitors of the website must not be able to do that, otherwise hackers can upload any code they want and hack into the website).
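Added example, not part of the original thread and not F5 code: a Python sketch that splits a multipart/form-data body into parameters by the `name` of each `Content-Disposition: form-data` part, as the reply describes, and labels each value so you can see which parameters suit a JSON profile and which carry markup that would need a per-parameter exception. The boundary, the `state` and `comment` fields, all values and the function names are constructed; the substring match on the keywords from the post is only a stand-in for ASM's attack signatures.

```python
import json
from email import policy
from email.parser import BytesParser

# Constructed sample request: only the control name _app_generated_name comes
# from the post; the boundary, other fields and every value are made up.
CONTENT_TYPE = "multipart/form-data; boundary=XBOUNDARYX"
BODY = (
    b'--XBOUNDARYX\r\n'
    b'Content-Disposition: form-data; name="_app_generated_name"\r\n\r\n'
    b'<a id="lnk1" href="javascript:void(0)">Open</a>\r\n'
    b'--XBOUNDARYX\r\n'
    b'Content-Disposition: form-data; name="state"\r\n\r\n'
    b'{"tab": "orders", "page": 2}\r\n'
    b'--XBOUNDARYX\r\n'
    b'Content-Disposition: form-data; name="comment"\r\n\r\n'
    b'plain text\r\n'
    b'--XBOUNDARYX--\r\n'
)
KEYWORDS = ("javascript", "href")  # keywords named in the post (assumed match list)

def parse_form_data(content_type, body):
    """Return {control name: value} for each part of a multipart/form-data body."""
    head = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n"
    msg = BytesParser(policy=policy.default).parsebytes(head + body)
    if not msg.is_multipart():
        raise ValueError("body did not parse as multipart")
    params = {}
    for part in msg.iter_parts():
        cd = part["Content-Disposition"]
        name = cd.params.get("name") if cd else None
        if name is not None:  # the control name is the parameter name
            params[name] = part.get_payload(decode=True).decode("utf-8", "replace")
    return params

def classify(value):
    """Label a value 'json', 'markup' (contains a keyword) or 'text'."""
    try:
        if isinstance(json.loads(value), (dict, list)):
            return "json"
    except ValueError:
        pass  # not JSON, fall through to the keyword check
    return "markup" if any(k in value.lower() for k in KEYWORDS) else "text"

def report(content_type, body):
    """Map each parameter name to its label."""
    return {n: classify(v) for n, v in parse_form_data(content_type, body).items()}

if __name__ == "__main__":
    print(report(CONTENT_TYPE, BODY))
```

Running it over a captured request body from the application shows which control names consistently carry markup, which is the list to review before adding any exception.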