Pinned topic Testing Ajax File Upload Requests - AppScan sending additional bytes

2014-03-28T21:59:12Z

I am testing a web application which handles uploading of files via AJAX requests. I have AppScan configured to test posting a test file. When AppScan tries to submit various requests to find vulnerabilities, I see that the requests are posting extra bytes for the test file (the Content-Length header indicates more bytes than what is expected).

When I review the requests, I see that AppScan reports the difference to be just a change on one of the original parameters, yet the actual file data being posted in the request is different.

If I run the original request (which includes the same original parameters with the correct values), the file is posted correctly.

What is causing AppScan to post the additional bytes as part of the file being uploaded?

I was expecting that AppScan would try different parameters but the actual file data posted would be the same. However, that is not what I am seeing. Is this the expected behavior?



  • warrenm1
    224 Posts

    Re: Testing Ajax File Upload Requests - AppScan sending additional bytes


    Without seeing the original and modified POST for some context I couldn't say - would it be possible for you to attach sanitized versions of those?