Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: manipulating query strings

From: Chan Fook Sheng <chanfooksheng () pacific net sg>
Date: Fri, 07 May 2004 10:57:23 +0800
hi
if the method is POST, you can't manipulate the url to send the data you want. You can use Paros (a web apps assesement tool), it can be found at http://www.proofsecure.com/. it's a free tool that is supported by donations, it's a great tool!! 


fook sheng


Vel wrote:


Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the action
attribute on the FORM is ACTION ?

e.g:

<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


---------------------------------------------------------------------------

Given the Method is "POST", can I pass values to the Hidden Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if METHOD
is "GET".

But how about POST method ?

Thanks.

Kumar.


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: