ASP Incorrectly Decodes the QUERY_STRING and May Reveal the Metabase Path Information

Article ID: 261116
This article was previously published under Q261116
This article has been archived. It is offered "as is" and will no longer be updated.

SYMPTOMS

You use the Request.QueryString collection to retrieve values from the end of a URL, but you do not receive the expected values. The values returned may instead be Internet Information Services (IIS) metabase information.

CAUSE

The Active Server Pages (ASP) intrinsic Request object contains information that is sent from the client to the server in an HTTP request. The QueryString collection contains any name/value pairs that appear at the end of the URL. For example:
http://server/virtualDirectory/page.asp?name=value
				
This information will be URL-encoded.


For example
http://server/virtualDirectory/page.asp?name=my_value
				
would appear as:
http://server/virtualDirectory/page.asp?name=my%5Fvalue
				
However, if the value contains a percent sign followed by a hexadecimal value that does not map to a valid character (by contrast, "%5F" maps to an underscore [_]), the value returned by the collection is the path of the Web site in the form of a metabase path. This can be a problem when the variable is written directly into HTML through Response.Write, because the page then discloses the metabase path to the client.

For example
Response.Write Request.QueryString("name")
				
would print out:
LM/W3SVC/1/Root/VirtualDirectoryName
					

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Alternatively, you can use the Server.URLEncode function to encode QueryString values before you add them to the QueryString.

For example:
Response.Redirect "http://server/virtualDirectory/page.asp?name=" & Server.URLEncode("My Name That Contains A % Sign")
				

If you print out the name value using
Response.Write Request.QueryString("name")
				
on Page.asp, the result would be "My Name That Contains A % Sign" as expected.
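
The following added example (Python, not part of the original article and not Microsoft code) audits request/response pairs for the condition described under CAUSE: a raw query string with a % that is not followed by two hexadecimal digits, and a response body that contains a metabase path of the form shown above. Treating any such % as the trigger is an assumption, because the article does not state the exact condition; the function names and the sample records are constructed for illustration.

```python
import re
from urllib.parse import quote

# Assumption: a '%' not followed by two hex digits is a malformed escape.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Metabase path shape shown in the article: LM/W3SVC/<site>/Root/<vdir>
METABASE_PATH = re.compile(r"\bLM/W3SVC/\d+/Root(?:/[^\s<>\"']*)?", re.IGNORECASE)


def malformed_params(query_string):
    """Return the names of parameters whose raw name or value has a bad % escape."""
    bad = []
    for pair in query_string.split("&"):
        name, _, value = pair.partition("=")
        if BAD_ESCAPE.search(name) or BAD_ESCAPE.search(value):
            bad.append(name)
    return bad


def leaked_metabase_paths(body):
    """Return every metabase-style path found in a response body."""
    return METABASE_PATH.findall(body)


def audit(records):
    """records: iterable of (raw_query_string, response_body) pairs."""
    findings = []
    for query, body in records:
        bad = malformed_params(query)
        leaks = leaked_metabase_paths(body)
        if bad or leaks:
            findings.append({"query": query, "malformed": bad, "leaks": leaks})
    return findings


# Constructed sample data (not taken from a real server).
SAMPLES = [
    ("name=my%5Fvalue", "<p>my_value</p>"),
    ("name=My+Name+%", "<p>LM/W3SVC/1/Root/VirtualDirectoryName</p>"),
    # quote() stands in for Server.URLEncode: '%' becomes '%25'.
    ("name=" + quote("A % Sign"), "<p>A % Sign</p>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

Only the second sample is reported; the third shows that a value encoded before it is placed in the URL passes the check.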

STATUS

Microsoft has confirmed that this is a problem in Microsoft Windows 2000.

This problem was first corrected in Windows 2000 Service Pack 1.

Properties

Article ID: 261116 - Last Review: October 20, 2013 - Revision: 3.3
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition