Forum Discussion
SalishSeaSecurity
Altostratus
AltostratusIllegal parameter...even after 'accept'
I am in the process of building a policy and am stuck with one parameter that is causing me headaches. It looks like this:
['DateBox.TodayFormat']
A couple of things to note:
1) ASM recognizes the parameter as and recognizes everything after that as parameter value
2) I have copied the text as presented in the web page, but ASM picks up on the unprintable metacharacters (space, tab, carriage return) in addition to the obvious brackets, quotes etc.
3) When 'accepting' the violation, I select "Static content" and ASM inserts the entire value string, _minus_ the unprintable metacharacters
4) If I define level as "URL parameter", ASM kicks back not only illegal parameter, but unknown level. If I define level as "Global Parameter", ASM kicks back illegal parameter, but recognizes it as global level.
5) I've tried inserting the unprintables 0xd, 0x9 and 0x20 into the value string and addding it as static content, and ASM still kicks back an illegal parameter error.
I'm out of ideas. Any suggestions?
- J
2 Replies
hoolioCirrostratus
That looks like the application's code--not the HTML that would be sent to the client nor a parameter or payload that the client would send to the application. Can you post an anonymized copy of the HTTP headers and payload from a browser plugin like HttpFox for Firefox or Fiddler for IE?
Thanks,
Aaron
SalishSeaSecurityHoolio,
Thank you for the reply. I found my problem: it's XML. I didn't know the app used XML when I configured it in ASM. I've been using Paros to capture the web traffic, but Paros doesn't do any analysis. Since I'm no web app maven (more of a network security guy), I didn't know what I was looking at. When I captured some traffic with Wireshark, it was clearly labeled XML.
I've gone back to the system owner and asked for the XML schema. I'm sure I'll be back online here when I dive into that configuration.
Thanks very much for the browser plugin tips.
Regards,
Jason
