Re: manipulating query strings.

From: Omar V.M. (ovalerio_at_serpro.net.mx)
Date: 02/25/04

  • Next message: Chris.McNab_at_trustmatta.com: "LEAP"
    Date: Tue, 24 Feb 2004 19:59:51 -0600 (CST)
    To: vel@simpatico.ca
    
    

    Hello vel & list,

    I suggest you to use an http proxy like Achilles, then you can edit the
    hidden fields. Since HTTP POST requests go in clear text you would easily
    locate where those values are modified within the request.

    A shortcut is to use the Address input box of your browser and write those
    fields just like a GET request. That's because often at the server side
    input is accepted no matter the method being used.

    Just like this:

    /searc/search.asp?serverName=www.abc.com&serverName=www.def.com

    cu..

    Vel wrote:

    > Hello Group,
    >
    > Is there a way to send values to hidden fields ,
    >
    > i.e Input tags with type=hidden attribute a value from the URL if the
    action
    > attribute on the FORM is ACTION ?
    >
    > e.g:
    >
    > <FORM form1 ACTION= '/search/search.asp' METHOD=post>
    >
    > <Input type=hidden name=serverName value=www.abc.com>
    > <Input type=hidden name=serverName value=www.def.com>
    >
    >
    >
    ---------------------------------------------------------------------------
    >
    > Given the Method is "POST", can I pass values to the Hidden Input fields
    > using the URL. i.e URL manipulation ?
    > I know I can pass variables in URL to Server side script variables if
    METHOD
    > is "GET".
    >
    > But how about POST method ?
    >
    > Thanks.
    >
    > Kumar.
    >
    >
    >
    ---------------------------------------------------------------------------
    > Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    >
    > Protect your network with the comprehensive security solution that
    > integrates six applications for ease of use and lower TCO.
    >
    > Firewall - Virus protection - Spam protection - URL blocking - VPN
    > - Wireless security.
    >
    > Download 30-day evaluation at:
    > http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
    >
    ----------------------------------------------------------------------------
    >

    -- 
    --
    Omar Valerio Minero
    SerproNet S.A. de C.V.
    ovalerio@serpro.net.mx
    Tel.: 52 (55) 5395 4246 Ext. 111
    http://www.serpro.net.mx/
    http://www.benology.com.mx/
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: Chris.McNab_at_trustmatta.com: "LEAP"

    Relevant Pages

    • Re: PHP Passing Variables Between Pages and Security
      ... i'm thinking i can check the submitting page ... *IF* you VALIDATE THE REQUEST when it is submitted. ... that the user has the authority to remove the specific record he ... Hidden fields are occasionally useful for protection against ...
      (comp.lang.php)
    • [OT] HTML Form/Page and Navigation with multiple buttons
      ... for Session Data (probably use hidden fields ?? ... relevant context from request to request or use server-side 'sessions' - which usually means using a cookie to store the session identifier on the client-side, and use some kind of persistant storage on the server side. ... who care are able to read the HTML source code and read these values. ...
      (comp.lang.python)
    • Re: Socket question!
      ... > I would like to execute several HTTP POST requests to my localhost web ... > The problem is that after the first request the Web server closes the ...
      (comp.lang.java.programmer)