Re: manipulating query strings
From: marko (chrome_at_liquidinfo.net)
Date: 02/26/04
- Previous message: R. DuFresne: "Re: Scanning tool that will track and report diffs"
- Maybe in reply to: Vel: "manipulating query strings"
- Next in thread: Nick Besant: "RE: manipulating query strings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Feb 2004 08:43:44 +0200 To: vel@sympatico.ca, pen-test@securityfocus.com
Hi!
>Is there a way to send values to hidden fields,
>i.e Input tags with type=hidden attribute a value from the URL if the
>>action attribute on the FORM is ACTION ?
Yes, you could copy the page locally and edit it, before you execute the
form. Or another method is using a local intercepting proxy for this.
Instead of repeating things, you might want to check out the
webappsec-mailinglist archives on SecurityFocus, where there was a
discussion about different proxies just a few digests ago.
>But how about POST method ?
Same applies to POST :) In my opinion, using a local proxy is more
convenient than copying the page locally on your harddrive.
Best Regards,
-m-
-- - Liquid Information - http://www.liquidinfo.net - E-mail: Remove NOS_PAM if present in address (Usenet) - PGP: http://www.liquidinfo.net/about.html -- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
- Previous message: R. DuFresne: "Re: Scanning tool that will track and report diffs"
- Maybe in reply to: Vel: "manipulating query strings"
- Next in thread: Nick Besant: "RE: manipulating query strings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
