Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: manipulating query strings
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: manipulating query strings
  • From: ma1ler_deamon <[EMAIL PROTECTED]>
  • Date: Tue, 24 Feb 2004 11:33:13 -0800 (PST)
.
 
 if a form is designed to accept POST variables, it may also accept
 those same variables passed in through the querystring. It may not
 it depends on how lazy the developer was when they made it and if
 they pulled the values from the global collections or the specific
 ones. 
 
 ie. foo = Request(bar) , vs foo = Request.QueryString(bar) etc

 you can manipulate hidden variables in a number of ways, you can use
 an intercept proxy which can be kinda overkill for this, or you can 
 use custom tools to do it right inside of your browser such as IE

 one integrated IE integrated tool I found was this

 http://sandsprite.com/Sleuth

 it does some stuff ok, some stuff I really like, check out the "Browser
 Extensions" package, it adds a new right click menu item to your 
 standard IE context menus that pops up a forms editor. I guess its an 
 eval version, but there is a free build of the main app as well.

 -md

__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools

---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.