Marc_Bergeron_5
Aug 15, 2007 (Nimbostratus)
Process POST data
I'm looking to patch a security issue in our application until our developers have time to do their thing, and I'm hoping to do it with iRules.
What I have is a log-in page, login.asp, that doesn't validate any of its 3 fields: username, password, email. I successfully made a rule to remove brackets, slashes, and whatever else from the POST data, then realized that users may have these characters in their passwords. This example removes <, >, or % from posts and replaces them with NULL, in turn invalidating their attempt:
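    when HTTP_REQUEST_DATA {
        # Only touch POST bodies sent to the login page.
        if {[string tolower [HTTP::path]] contains "login.asp"} {
            # Strip <, > and % from the entire raw body (every field, password included).
            set newPayload [string map {< "" > "" % ""} [HTTP::payload]]
            HTTP::payload replace 0 [HTTP::payload length] $newPayload
            HTTP::release
            # Note: this writes the full body, including the password field, to the log.
            log local0. "new payload: $newPayload"
        }
    }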
In order to ignore the password field, I figure I need to parse the POST data, scrub all submitted data except for the Password, then reassemble it back into HTTP::payload. Is there a simple way to do this? My typical payload looks like this:
redirect=&reg_id=0&ie55sp1=false&membername=marcb&password=marcb
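
One way to do the per-field scrub asked about above, as an added example that is not part of the original post. It assumes a URL-encoded form body with a Content-Length header, takes the field name `password` from the sample payload, and uses an arbitrary 1 MB collect cap.

```tcl
# Added example, not the poster's code. Assumptions: form-urlencoded body,
# field name "password" (from the sample payload), 1 MB cap on collected bodies.
when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" && [string tolower [HTTP::path]] contains "login.asp" } {
        set len [HTTP::header "Content-Length"]
        if { [string is integer -strict $len] && $len > 0 && $len <= 1048576 } {
            HTTP::collect $len
        } else {
            # Fail closed: a login POST we cannot buffer would bypass the scrub.
            HTTP::respond 400 content "Bad Request"
        }
    }
}

when HTTP_REQUEST_DATA {
    set fields [list]
    foreach pair [split [HTTP::payload] "&"] {
        # Split on the first "=" only, so "=" inside a value survives.
        set eq [string first "=" $pair]
        if { $eq < 0 } {
            lappend fields $pair
            continue
        }
        set name  [string range $pair 0 [expr {$eq - 1}]]
        set value [string range $pair [expr {$eq + 1}] end]
        if { [string tolower [URI::decode $name]] ne "password" } {
            # Decode first ("+" means space in form data) so %3C / %3E are
            # caught as well as literal < and >, then scrub and re-encode.
            set decoded [URI::decode [string map {+ " "} $value]]
            set value [URI::encode [string map {< "" > "" % ""} $decoded]]
        }
        # The password field is passed through byte-for-byte.
        lappend fields "$name=$value"
    }
    HTTP::payload replace 0 [HTTP::payload length] [join $fields "&"]
    HTTP::release
    # Deliberately no payload logging: the body carries the cleartext password.
}
```

Because the scrub runs on decoded values, an encoded `%3C` in `membername` is removed just like a literal `<`, while the raw-body filter would only strip the `%` and leave `3C` behind.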