WebApp Sec mailing list archives
Re: View and edit hidden HTML form fields (fwd)
From: "Tim Greer" <chatmaster () charter net>
Date: Thu, 12 Jun 2003 10:22:15 -0700
From: "sirkus" <sirkus () sirkit net>
To: <webappsec () securityfocus com>
Sent: Thursday, June 12, 2003 8:12 AM
Subject: Re: View and edit hidden HTML form fields (fwd)
Indeed. I certainly wasn't claiming any greatness on the part of the program, especially since we're not a Windows shop -- it doesn't particularly apply to me. My point was that while I may be comfortable with using Perl/LWP and regular expressions as a coder, these are things I use on a regular basis while doing assessments. However, for others (such as many who I work with that do not code) this provides a simple way to demonstrate various simple client-side state weaknesses.
I actually don't see how this reveals any weaknesses. Just seeing the fields or arguments/values passed to a script/program doesn't really mean anything. It can save a lame 'web site form based' cracker some effort, but that's about it.
I would also agree that there are many other tools out there that do similar things (and much more), especially where actual assessments are the goal. I was just simply stating that for its intended purpose, it works, and integrates into IE as a side bar, making it easy to tote around. (Again, for those who use IE...)
Sure, it looks sort of neat for what it is. For a Windows desktop. Of course, my opinion is two things: installing a program someone else wrote that I don't see the source to is not going to happen. Secondly, using IE, you already have enough problems to not be wasting your time with silly tools like this. :-)
--
Regards,
Tim Greer
chatmaster () charter net
Server administration, security, programming, consulting.