-
March 29th, 2014, 06:53 PM
#1
sending POST data using Winsock?
This is possibly the wrong forum to post in, but the program is written in VB6 so I hope someone can help.
I have a program that sends form data to a website via Winsock. It's been working for years but the host recently installed mod_security and now my form submission causes a 403 error.
When I send the data as "Content-Type: application/x-www-form-urlencoded" everything works fine, but when I need to send an image and send using "Content-Type: multipart/form-data, boundary=randomgenereatedboundary" it fails.
Prior to the server update it worked fine.
I am setting up the data to send like this:-
Code:
strFile = GetFileContents(txtUploadFile2.Text)
strBoundary = RandomAlphaNumString(32)
strBody = strBody & "--" & strBoundary & vbCrLf
strBody = strBody & "Content-Disposition: form-data; name=""img""; filename=""" & File1.FileName & """" & vbCrLf
strBody = strBody & "Content-Type: image/jpeg" & vbCrLf
strBody = strBody & vbCrLf & strFile
strBody = strBody & vbCrLf & "--" & strBoundary & "--"
' find the length of the request body - this is required for the
' Content-Length header
lngLength = Len(strBody)
WebPage = "POST " & "/upload.php" & " HTTP/1.0" & vbCrLf
WebPage = WebPage & "Host: " & Winsock.RemoteHost & vbCrLf
WebPage = WebPage & "Connection: Keep-Alive" & vbCrLf
WebPage = WebPage & "Content-Type: multipart/form-data, boundary=" & strBoundary & vbCrLf
WebPage = WebPage & "Content-Length: " & lngLength & vbCrLf & vbCrLf
WebPage = WebPage & strBody
Private Function GetFileContents(ByVal strPath As String) As String
Dim StrReturn As String
Dim lngLength As Long
lngLength = FileLen(strPath)
StrReturn = String(lngLength, Chr(0))
On Error GoTo ERR_HANDLER
Open strPath For Binary As #1
Get #1, , StrReturn
GetFileContents = StrReturn
Close #1
Exit Function
ERR_HANDLER:
MsgBox Err.Description, vbCritical, "ERROR"
Err.Clear
End Function
' generates a random alphanumeirc string of a given length
Private Function RandomAlphaNumString(ByVal intLen As Integer)
Dim StrReturn As String
Dim X As Integer
Dim c As Byte
Randomize
For X = 1 To intLen
c = Int(Rnd() * 127)
If (c >= Asc("0") And c <= Asc("9")) Or _
(c >= Asc("A") And c <= Asc("Z")) Or _
(c >= Asc("a") And c <= Asc("z")) Then
StrReturn = StrReturn & Chr(c)
Else
X = X - 1
End If
Next X
RandomAlphaNumString = StrReturn
End Function
An example of what is being sent is:-
Code:
POST /upload.php HTTP/1.0
Host: www.mywebsite.com.au
Connection: Keep-Alive
Content-Type: multipart/form-data, boundary=JfRONP8ypjsainqiue6YF6VM9CZ41Bxk
Content-Length: 8066
--JfRONP8ypjsainqiue6YF6VM9CZ41Bxk
Content-Disposition: form-data; name="img"; filename="10500.jpg"
Content-Type: image/jpeg
ÿØÿÃ*
The server is showing an error like this:-
Code:
[Fri Mar 28 14:27:37 2014] [error] [client 123.456.789.012] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/conf/modsecurity.rules/00_asl_z_antievasion.conf"] [line "36"] [id "330791"] [msg "Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors."] [data "Multipart: Invalid boundary in C-T (malformed)."] [severity "CRITICAL"] [tag "no_ar"] [hostname "www.mywebsite.com.au"] [uri "/upload.php"] [unique_id "UzTsKW92oLsABjD5PO0AAAA7"]
[Fri Mar 28 14:27:37 2014] [error] [client 123.456.789.012] ModSecurity: Multipart parsing error (init): Multipart: Invalid boundary in C-T (malformed). [hostname "www.mywebsite.com.au"] [uri "/upload.php"] [unique_id "UzTsKW92oLsABjD5PO0AAAA7"]
If would be very grateful if anyone can help.
-
April 2nd, 2014, 10:10 PM
#2
Re: sending POST data using Winsock?
Look at the page you open in DOM explorer to see what you are sending. Probably needs to change.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|