Penetration Testing mailing list archives
Re: manipulating query strings.
From: "Omar V.M." <ovalerio () serpro net mx>
Date: Tue, 24 Feb 2004 19:59:51 -0600 (CST)
Hello vel & list, I suggest you to use an http proxy like Achilles, then you can edit the hidden fields. Since HTTP POST requests go in clear text you would easily locate where those values are modified within the request. A shortcut is to use the Address input box of your browser and write those fields just like a GET request. That's because often at the server side input is accepted no matter the method being used. Just like this: /searc/search.asp?serverName=www.abc.com&serverName=www.def.com cu.. Vel wrote:
Hello Group, Is there a way to send values to hidden fields , i.e Input tags with type=hidden attribute a value from the URL if the
action
attribute on the FORM is ACTION ? e.g: <FORM form1 ACTION= '/search/search.asp' METHOD=post> <Input type=hidden name=serverName value=www.abc.com> <Input type=hidden name=serverName value=www.def.com>
---------------------------------------------------------------------------
Given the Method is "POST", can I pass values to the Hidden Input fields using the URL. i.e URL manipulation ? I know I can pass variables in URL to Server side script variables if
METHOD
is "GET". But how about POST method ? Thanks. Kumar.
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------
-- -- Omar Valerio Minero SerproNet S.A. de C.V. ovalerio () serpro net mx Tel.: 52 (55) 5395 4246 Ext. 111 http://www.serpro.net.mx/ http://www.benology.com.mx/ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: manipulating query strings. Omar V.M. (Feb 25)