Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: manipulating query strings
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: manipulating query strings
  • From: Markus Toman <[EMAIL PROTECTED]>
  • Date: Wed, 25 Feb 2004 15:57:03 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
  • Organization: SEC Consult
  • References: <[EMAIL PROTECTED]>
.
 
Hi

The HTTP header sent by the browser contains the POST-Variables.
There are many ways to change the value in hidden fields.

i.e.:
- Save the Page, change the source, change form action from '/search/search.asp' to 'http://<whatever>/search/search.asp' and the hidden field values to what ever you like. 

- Write a prog or use telnet and send the HTTP header yourself
- Try Firefox with the Live HTTP headers plugin. you can capture outgoing http requests, modify them and send again.. 
http://www.mozilla.org/products/firefox/
http://texturizer.net/firefox/extensions/#livehttpheaders



Vel wrote:


Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the action
attribute on the FORM is ACTION ?

e.g:

<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


---------------------------------------------------------------------------

Given the Method is "POST", can I pass values to the Hidden Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if METHOD
is "GET".

But how about POST method ?

Thanks.

Kumar.


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.