Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


RE: manipulating query strings
.

  • To: "'Vel'" <[EMAIL PROTECTED]>
  • Subject: RE: manipulating query strings
  • From: "Campbell Murray" <[EMAIL PROTECTED]>
  • Date: Tue, 24 Feb 2004 21:54:19 -0000
  • Cc: <[EMAIL PROTECTED]>
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
The method with which a form passes data specifies whether the
variables, hidden or not, are passed via the query string or otherwise.
What will determine whether you can manipulate hidden fields is the
collection method in the target script.

If, as is the case with .asp, a variable is defined by

Var1=Request.Form("var1") 

then only this request method is used; likewise if the variable is
defined

Var1=Request.QueryString("var1")

then only the querystring is called by the request.  What is however
very common in both PHP and ASP is to shortcut and just use a call to
request a value without specifying a source e.g.

Var1=Request("var1")

In this instance appending to the querystring may well work.

If however this does not work then creating a copy of the html form
which you wish to manipulate and modifying the values yourself within
the source code is a valid method; saving to the desktop and sending the
modified form data to the target script using an absolute URL.  This
technique can also be guarded against if the developer has written their
code properly.

Hope this answers your question.

Campbell Murray




-----Original Message-----
From: Vel [mailto:[EMAIL PROTECTED] 
Sent: 23 February 2004 19:43
To: [EMAIL PROTECTED]
Subject: manipulating query strings 


Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the
action
attribute on the FORM is ACTION ?

e.g:

<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


------------------------------------------------------------------------
---

Given the Method is "POST", can I pass values to the Hidden Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if
METHOD
is "GET".

But how about POST method ?

Thanks.

Kumar.


------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.