WebApp Sec mailing list archives
Re: When GET = POST?
From: "David Bullock" <davidbullock () tech-center com>
Date: Fri, 8 Nov 2002 23:49:28 -0800
----- Original Message ----- From: "Chris Thomas" <chris.thomas () lodoga co uk>
Hi, This has been troubling me for a while. When pen testing web apps where a page POSTs data it often seems just as effective (and easier) to encode the data in the URL (i.e. use and HTTP GET ). Is guess this is because many server-side languages do not differentiate how a variable is set? - How is this situation handled in common server side languages such PHP, etc?
Recent versions of PHP actually do place the GET and POST variables into two different arrays, $_POST, and $_GET. Older versions of PHP had the $HTTP_GET_VARS and $HTTP_POST_VARS arrays. http://www.php.net/manual/en/language.variables.predefined.php
Current thread:
- When GET = POST? Chris Thomas (Nov 08)
- Re: When GET = POST? Alonso Robles (Nov 09)
- Re: When GET = POST? Jonas Anden (Nov 10)
- Re: When GET = POST? Vincent Janelle (Nov 10)
- Re: When GET = POST? Jonas Anden (Nov 10)
- Re: When GET = POST? David Bullock (Nov 09)
- RE: When GET = POST? Tony Welsh (Nov 09)
- Re: When GET = POST? Adrian Wiesmann (Nov 10)
- Re: When GET = POST? Kevin Spett (Nov 11)
- Re: When GET = POST? Jason Childers (Nov 11)
- Re: When GET = POST? Charles Miller (Nov 11)
- Re: When GET = POST? Jeff Dafoe (Nov 11)
- Re: When GET = POST? Jason Healy (Nov 11)
- Re: When GET = POST? Kevin Spett (Nov 12)
- Re: When GET = POST? Daniel Hedrick (Nov 12)
- Re: When GET = POST? Jeff Dafoe (Nov 11)
- <Possible follow-ups>
- Re: When GET = POST? Steven M. Christey (Nov 11)
(Thread continues...)
- Re: When GET = POST? Alonso Robles (Nov 09)