Penetration Testing mailing list archives
Re: manipulating query strings
From: marko <chrome () liquidinfo net>
Date: Thu, 26 Feb 2004 08:43:44 +0200
Hi!
Is there a way to send values to hidden fields, i.e Input tags with type=hidden attribute a value from the URL if theaction attribute on the FORM is ACTION ?
Yes, you could copy the page locally and edit it, before you execute the form. Or another method is using a local intercepting proxy for this. Instead of repeating things, you might want to check out the webappsec-mailinglist archives on SecurityFocus, where there was a discussion about different proxies just a few digests ago.
But how about POST method ?
Same applies to POST :) In my opinion, using a local proxy is more convenient than copying the page locally on your harddrive. Best Regards, -m- -- - Liquid Information - http://www.liquidinfo.net - E-mail: Remove NOS_PAM if present in address (Usenet) - PGP: http://www.liquidinfo.net/about.html -- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: manipulating query strings, (continued)
- Re: manipulating query strings Eric Paynter (Feb 25)
- Re: manipulating query strings Ariel Martinez (Feb 26)
- RE: manipulating query strings Campbell Murray (Feb 25)
- Re: manipulating query strings Markus Toman (Feb 25)
- RE: manipulating query strings Kris Wilkinson (Feb 25)
- Re: manipulating query strings ma1ler_deamon (Feb 25)
- RE: manipulating query strings Toni Heinonen (Feb 25)
- Re: manipulating query strings morning_wood (Feb 26)
- Re: manipulating query strings Karsten Johansson (Feb 25)
- RE: manipulating query strings Scovetta, Michael V (Feb 25)
- Re: manipulating query strings marko (Feb 26)
- RE: manipulating query strings Nick Besant (Feb 26)
- Re: manipulating query strings Eric Paynter (Feb 25)