2. Tech
  3. ASP upload data stream format analysis

ASP upload data stream format analysis

xiaoxiao2021-03-06  42

Recently, someone has been used.

The ASP upload file is troubled, and the problems encountered are mainly analyzed for flow data submitted through the form.

ASP enthusiasts work simultaneously to analyze this stream data format. Due to this article

LZC I analyze the results of uploading data, so it may not be very accurate, please understand and welcome to find errors.

Take

HTTP upload file first must be submitted

Add in the definition of Form

ENCTYPE = "Multipart / Form-Data" type indicator, then use

ID, the user can use it when browsing

The Input box selects the file you want to upload.

This will automatically upload file data together after Form submission.

SERVER, at this time must be used

Request object

BinaryRead method takes data to read the file data and operate accordingly, if you use

Response object

BinaryWrite method Shows the data on the page you will see all the file data and

The internal data of the form form is mixed together, and the page is called "

? "The following parameters are all lost.

The following is attached to a complete data upload result, we will analyze the data uploaded on this basis. Two text input boxes in the uploaded data, the names

Text "and

"Filenumber" (filenumber means the number of files uploaded

),One

Checkbox, name

"Check", two files upload, name

"File" and

"File1" (this name is automatically calculated by the upper page "script

), And one

Submit button, name

"Submit", the value is

"determine

". In order to make the data more clearly I chose two text files to upload, if the upload binary file is the same. The specific upload data is as follows:

---------------------------- 7D18E2D3F01E0Content-disposition: form-data; name = "check" ON ------- ---------------------- 7D18E2D3F01E0Content-disposition: form-data; name = "filenumber" 2 -------------- --------------- 7D18E2D3F01E0Content-disposition: form-data; name = "file0"; filename = "d: /starcraft/sc.reg" Content-type: Application / OcTet-streamRegeDit4 [HKEY_CURRENT_USER / SOFTWARE / BATTLE.NET / Configuration] "Battle.Net Gateway" = HEX (7): 31, 30, 30, 30, 32, 31, 31, 39, 32, 2E, 31, 36 38, 2e, / 31, 30, 32, 2e, 38, 36, 100, 2d, 39, 3, 42, 50, 55, 20, 35, 23, 20, 53, 65, 72, 76, 65, 72,00, 75, / 73, 77, 65, 73, 74, 2e, 62, 61, 74, 74, 6c, 65, 2e, 6e, 65, 74, 0, 38, 100, 55, 2e, 53 2E, 20, 57, / 65, 73, 74, 75, 73, 65, 61, 73, 74, 2E, 62, 61, 74, 74, 65, 65, 2E, 6E, 65, 74, 00, 36, 100, 55, / 2e, 53, 2e, 20, 45, 61, 73, 74, 0, 61, 73, 69, 61, 2e, 62, 61, 74, 74, 6c, 65, 2e 6E, 65, 74, 3, / 2D, 39, 0, 41, 73, 69, 61, 65, 75, 72, 6F, 70, 65, 2E, 62, 61, 74, 74, 6C, 65, 2E, 6E, 65, 74, / 00, 2D, 31, 00, 45, 75, 72, 6F, 70, 65, 00 [HKEY_LOCAL_MACHINE / SOFTWARE / BATTLE.NET / Configuration] "Server List" = "192.168.102.86" Server version "= dword: 000 00001 ---------------------------- 7D18E2D3F01E0Content-disposition: form-data; name = "file1"; filename = "C: / cheaters.log "Content-Type: application / octet-streamWindows renabledWindows renabledWindows renabledWindows renabledWindows renabled ----------------------------- 7d18e2d3f01e0Content-Disposition : form-data; name = "text" ASDF ----------------------------- 7D18E2D3F01E0Content-disposit: form-data; name = "Submit" OK ---------------------------- 7D18E2D3F01E0 -

This is just a small example, from which we can simply analyze the flow-up data format of the ASP, as follows (for similar data segments, I only pick one of the introductions): 1. "---------- ------------------ 7D12A925602D2 "This is used to uniquely identify the encoding uploaded, the number automatically generates and guarantees that any two uploads will never have the same identification, It is also a separator used to separate the input box data, and finally the "-" identified by the string of data transmission. In the above example, the string is labeled a red bold to facilitate different data segments. 2. "Content-disposition: form-data" is used to indicate the data submitted by the data segment is Form. 3.Name = "Check" data box name, everyone usually reads this Checkbox content using Request.Form ("Check"). 4. The content of the "On" checkbox data box is also the return value of the request.form ("Check"), the checkbox type input box (check box) is selected, "ON" is submitted, and the data is not submitted when it is not selected ( That is, the upload results do not appear at all). 5.FileName = "d: /starcraft/sc.reg" The type = "file" INPUT box mentioned above will pass the file in the client's path to the server. Use this field, which means the uploaded file is D disk STARCRAFT directory Sc.REG (registration file). 6.content-type: Application / OCTET-Stream Description is the file upload, and it is stressed as streaming. 7. The file data file data is started with two VBCRLF (hard auto), and the file data is over two VBCRLF. Examples are marked with blue. In addition to "File", the results are the same, as follows: ---------------------------- 7D139414602D2Content- Disposition: form-data; name = "TEXT" ASDF indicates the input box submitted by the form as a name text, which is ASDF. ASP cannot easily upload files Main reason is that ASP has no permissions to write binary files in Server, can only write text, and once the binaryRead method is used to use a binaryRead method for the Request object, you cannot use the previous Request ("Field Name"). Take data, so you are generally used to write to the database or upload it using the component. (KKND this site recently wrote a powerful upload component. If necessary, you can download it in the repository under the ASP.) In order to let everyone see the data upload effect, I provide the source code of the two ASP files, respectively Used to upload and analyze upload data.

Upload page source code

</ title> </ head> <body> <div align = "center> <form name =" a " Method = "post" enctype = "multipart / form-data" action = "test1.asp? AAA = BBB & CCC = 123"> <! - The parameter of the call page entered above (AAA = BBB & CCC = 123) All lost, here it assumes TEST1.ASP to receive page-> <table> <tr> <TD> <input type = "checkbox" name = check οnclick = OpenRefresh ()> </ td> </ tr> <TR> <TD> <input type = "file" name = "file0"> </ td> <infut type = "text" name = "text"> </ td> </ tr> <TR> <TD> <input type = "file" name = "file1"> </ td> <input type = "radio" name = "radio" Value = "Radio"> </ td> </ tr> <tr> <td> <input type = "radio" name = "radio" value = "oidar"> </ td> </ tr> <tr> <td > <input type = "radio" name = "radio1" value = "radio1"> </ td> </ tr> <tr> <td> <input type = "button" name = "button0" value = "button" > </ td> </ tr> <! - You can see the value value of the Button button does not appear in the upload result -> </ table> <input type = Submit name = "submit" value = "OK" > </ form> </ div> </ body> </ html> Receive page source code</p></div><div class="text-center mt-3 text-grey"> 转载请注明原文地址:https://www.9cbs.com/read-47641.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>) </div><div></div></div></div><ul class="postlist list-unstyled"> </ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="47641" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved </div><div class="col text-right">Processed: <b>0.044</b>, SQL: <b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script> var debug = DEBUG = 0; var url_rewrite_on = 1; var url_path = './'; var forumarr = {"1":"Tech"}; var fid = 1; var uid = 0; var gid = 0; xn.options.water_image_url = 'view/img/water-small.png'; </script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script> var forum_url = 'list-1.html'; var safe_token = 'rmVf_2FENyRLZaD63JDWkxIcTTuDh01QoGsl6hQ0rkUbKNrKaffCk6SHx2hCPG4h5cNPHfPxIiDiugzIaFZCQPrg_3D_3D'; var body = $('body'); body.on('submit', '#form', function() { var jthis = $(this); var jsubmit = jthis.find('#submit'); jthis.reset(); jsubmit.button('loading'); var postdata = jthis.serializeObject(); $.xpost(jthis.attr('action'), postdata, function(code, message) { if(code == 0) { location.reload(); } else { $.alert(message); jsubmit.button('reset'); } }); return false; }); function resize_image() { var jmessagelist = $('div.message'); var first_width = jmessagelist.width(); jmessagelist.each(function() { var jdiv = $(this); var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width(); var jmessage_width = Math.min(jdiv.width(), maxwidth); jdiv.find('img, embed, iframe, video').each(function() { var jimg = $(this); var img_width = this.org_width; var img_height = this.org_height; if(!img_width) { var img_width = jimg.attr('width'); var img_height = jimg.attr('height'); this.org_width = img_width; this.org_height = img_height; } if(img_width > jmessage_width) { if(this.tagName == 'IMG') { jimg.width(jmessage_width); jimg.css('height', 'auto'); jimg.css('cursor', 'pointer'); jimg.on('click', function() { }); } else { jimg.width(jmessage_width); var height = (img_height / img_width) * jimg.width(); jimg.height(height); } } }); }); } function resize_table() { $('div.message').each(function() { var jdiv = $(this); jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>'); }); } $(function() { resize_image(); resize_table(); $(window).on('resize', resize_image); }); var jmessage = $('#message'); jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); }); jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); }); $('#nav li[data-active="fid-1"]').addClass('active'); </script>