RE: manipulating query strings
From: Kris Wilkinson (kris_at_Titan-Networks.ca)
Date: 02/24/04
- Previous message: cissper: "RE: nessus which plug'in reports which vulnerability?"
- Maybe in reply to: Vel: "manipulating query strings"
- Next in thread: ma1ler_deamon: "Re: manipulating query strings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Feb 2004 11:16:40 -0700 To: "Vel" <vel@sympatico.ca>, <pen-test@securityfocus.com>
You shouldn't have to worry about this if you are always defining the
variable "serverName" each time the script loads.
For example ...
If you have
<Include> config file here w/ variable serverName || just a simple
serverName = 'whatever'
<connect> to server w/ variable serverName
the serverName variable would overwrite any incoming post information
when it fetches the config file.
-----Original Message-----
From: Vel [mailto:vel@sympatico.ca]
Sent: Monday, February 23, 2004 12:43 PM
To: pen-test@securityfocus.com
Subject: manipulating query strings
Hello Group,
Is there a way to send values to hidden fields ,
i.e Input tags with type=hidden attribute a value from the URL if the
action
attribute on the FORM is ACTION ?
e.g:
<FORM form1 ACTION= '/search/search.asp' METHOD=post>
<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>
------------------------------------------------------------------------
--- Given the Method is "POST", can I pass values to the Hidden Input fields using the URL. i.e URL manipulation ? I know I can pass variables in URL to Server side script variables if METHOD is "GET". But how about POST method ? Thanks. Kumar. ------------------------------------------------------------------------ --- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_pen-test_040219 ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
- Previous message: cissper: "RE: nessus which plug'in reports which vulnerability?"
- Maybe in reply to: Vel: "manipulating query strings"
- Next in thread: ma1ler_deamon: "Re: manipulating query strings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
