Penetration Testing mailing list archives

manipulating query strings

From: "Vel" <vel () sympatico ca>
Date: Mon, 23 Feb 2004 11:43:27 -0800


Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the action
attribute on the FORM is ACTION ?

e.g:

<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


---------------------------------------------------------------------------

Given the Method is "POST", can I pass values to the Hidden Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if METHOD
is "GET".

But how about POST method ?

Thanks.

Kumar.


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------

Current thread:

manipulating query strings Vel (Feb 24)
- Re: manipulating query strings Eric Paynter (Feb 25)
  - Re: manipulating query strings Ariel Martinez (Feb 26)
- RE: manipulating query strings Campbell Murray (Feb 25)
- Re: manipulating query strings Markus Toman (Feb 25)
- <Possible follow-ups>
- RE: manipulating query strings Kris Wilkinson (Feb 25)
- Re: manipulating query strings ma1ler_deamon (Feb 25)
- RE: manipulating query strings Toni Heinonen (Feb 25)
  - Re: manipulating query strings morning_wood (Feb 26)
- Re: manipulating query strings Karsten Johansson (Feb 25)
- RE: manipulating query strings Scovetta, Michael V (Feb 25)

(Thread continues...)