Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

smiley_dba's avatar
smiley_dba
Icon for Nimbostratus rankNimbostratus
Oct 23, 2019

ASM JSON/AJAX start page for Exchange OWA

Running into a challenge and wondering if the community might be able to help. I'm using the ASM Brute Force Start Page to lookup user_id and password login request. Problem is, trying to understand ...
ASM Advanced WAF
security
Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Oct 24, 2019

Hi

 

Didn't get a change to test it, but I think this concerns the payload JSON sent to a logon URI rather than a start page. Let's say you have a form to login at /login.aspx, when you click on "Login" this posts a request to /dologin, with the payload JSON {"my_username":"toto", "my_password":"toto"} as JSON payload. Then

  • Add the URL in the first field : /dologin
  • Username JSON Element is "my_username"
  • Password JSON Element is "ma_password"

 

Yoann

  • smiley_dba's avatar
    smiley_dba
    Icon for Nimbostratus rankNimbostratus
    Oct 24, 2019

    Thank you Yoann. Will test that out today. Thank you.