Forum Discussion

Aurel's avatar
Aurel
Icon for Cirrus rankCirrus
Jan 15, 2019

ASM : Multipart/form-data parameter value violation

Hello, After spending some time reading and searching, i can't find complete information to understand my blocking. ASM has blocked multipart/form-data content from a POST request. First is SQL injection 200002305 (sig ID) for content that looks like JSON. I will set a JSON profile for this and see. But others violations (that i am looking for explanation) doesn't look JSON but more javascript code. Detected keywords are 'javacript' and 'href', and also 'id' (execution attempt violation).

 

My first question : ASM interpret as parameter the following pattern (control name) "app_generated_name", is it correct behaviour ? Content-Disposition: form-data; name="_app_generated_name"

 

Second question : ASM founds javacscript code content inside those "parameter" value, how is that sounds to you ? It seems to be the application design, so i am afraid i will have to create exception for that.

 

thanks a lot for any experience sharing on this

 

application delivery
ASM Advanced WAF
security

1 Reply

Sort By
  • samstep's avatar
    samstep
    Icon for Cirrocumulus rankCirrocumulus
    Jan 16, 2019

    1. If you have:

      Content-Disposition: form-data; name="_app_generated_name" then yes "_app_generated_name" is a parameter and is being correctly recognised

       

    2. If POST parameter value contains bits of JavaScript ASM will of course block it as this looks like a code injection attack. There might be some legit reason for it, if this is how your application works (for example if it is a CMS/Content Management System then users with editor privileges can upload content, however regular users/visitors of the website must not be able to do that, otherwise hackers can upload any code they want and hack into the website.