Announcement

Collapse
No announcement yet.

Extract file from upload using POST get rid of header/footer

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Extract file from upload using POST get rid of header/footer

    How do you extract the file from an upload using POST?
    Here is the start of the uploaded file, approximately.
    The file is 548440 bytes.
    The footer is simulated below
    Content-length shows 548652.
    Code:
    -----------------------------7d91b51f14003a
    Content-Disposition: form-data; name="userfile"; filename="\test\test.exe"
    Content-Type: application/octet-stream
     
    MZôõ` ÿÿH:  ~        
    .
    .
    .
     
    Footer looks like this:
    -----------------------------7d91b51f14003a--
    Last edited by Mike Doty; 21 Aug 2009, 08:50 AM.
    CMD shortcut to open any location:
    %windir%\system32\cmd.exe /k " cd\ & x: & cd x:\xxxx
    Change to run as administrator
    How long is an idea? Write it down.

  • #2
    There's an example of encoding file attachments in the PowerBASIC Gazette, number 33. Your headers there don't show what the encoding type is but, if it's the common Base64, you'll just need to reverse the Base64 encoding. The MZ suggests it may just be raw binary data, which would make it simple. MZ is the identifier at the start of an .EXE file.
    Last edited by Tom Hanlin; 21 Aug 2009, 09:32 AM.

    Comment


    • #3
      In the header of the POST command, there will be a line that will tell you if the message has been MIME enocded and there will be a "boundary" string defined. In your case it is "7d91b51f14003a". Each section of the message will be enclosed between these strings:

      Code:
      -----------------------------7d91b51f14003a
      -----------------------------7d91b51f14003a--
      All you need to do is get the remainder of the message after the line that has "-----------------------------" + BoundaryString and then extract all the data up to the line that has "-----------------------------" + BoundaryString + "--". There will be another header in this section followed by CRLFCRLF. You can check those headers for more information. In your case, the Content-Type is set to application/octet-stream which is just a fancy way of saying 8 bit binary data.

      The following code should pull out the actual binary data:

      Code:
      sBoundary = "7d91b51f14003a" ' set this from the boundary string in the POST header
      
      sBoundaryStart = $CRLF + "-----------------------------" + sBoundary + $CRLF
      sBoundaryEnd   = $CRLF + "-----------------------------" + sBoundary + "--" + $CRLF
      
      ' sMessage contains the original POST data
      sData = REMAIN$(sMessage, sBoundaryStart)
      sData = EXTRACT$(sData, sBoundaryEnd)
      ' insert code here to check the Content-Type if it might change
      sData = REMAIN$(sData, $CRLF + $CRLF)
      ' insert code here to process the data if it isn't just 8 bit binary data
      If the POST header says that it is a multi-part message, you may need to loop through each of the sections enclosed in the start and end boundary strings.
      Last edited by Jeff Blakeney; 21 Aug 2009, 11:16 AM. Reason: Added $CRLF to the start of the boundary strings in code.
      Jeff Blakeney

      Comment


      • #4
        That was it, thanks much!
        CMD shortcut to open any location:
        %windir%\system32\cmd.exe /k " cd\ & x: & cd x:\xxxx
        Change to run as administrator
        How long is an idea? Write it down.

        Comment

        Working...
        X