Re: manipulating query strings.

From: Omar V.M. (ovalerio@serpro.net.mx)
Date: Tue Feb 24 2004 - 20:59:51 EST

• Next message: Chris.McNab@trustmatta.com: "LEAP"
• Previous message: Don Parker: "Re: Obfuscated shellcode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello vel & list,

I suggest you to use an http proxy like Achilles, then you can edit the
hidden fields. Since HTTP POST requests go in clear text you would easily
locate where those values are modified within the request.

A shortcut is to use the Address input box of your browser and write those
fields just like a GET request. That's because often at the server side
input is accepted no matter the method being used.

Just like this:

/searc/search.asp?serverName=www.abc.com&serverName=www.def.com

cu..

Vel wrote:

> Hello Group,
>
> Is there a way to send values to hidden fields ,
>
> i.e Input tags with type=hidden attribute a value from the URL if the
action
> attribute on the FORM is ACTION ?
>
> e.g:
>
> <FORM form1 ACTION= '/search/search.asp' METHOD=post>
>
> <Input type=hidden name=serverName value=www.abc.com>
> <Input type=hidden name=serverName value=www.def.com>
>
>
>
---------------------------------------------------------------------------
>
> Given the Method is "POST", can I pass values to the Hidden Input fields
> using the URL. i.e URL manipulation ?
> I know I can pass variables in URL to Server side script variables if
METHOD
> is "GET".
>
> But how about POST method ?
>
> Thanks.
>
> Kumar.
>
>
>
---------------------------------------------------------------------------
> Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
>
> Protect your network with the comprehensive security solution that
> integrates six applications for ease of use and lower TCO.
>
> Firewall - Virus protection - Spam protection - URL blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
>
----------------------------------------------------------------------------
>

-- 
--
Omar Valerio Minero
SerproNet S.A. de C.V.
ovalerio@serpro.net.mx
Tel.: 52 (55) 5395 4246 Ext. 111
http://www.serpro.net.mx/
http://www.benology.com.mx/
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Chris.McNab@trustmatta.com: "LEAP"
• Previous message: Don Parker: "Re: Obfuscated shellcode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT