Home page logo

pen-test logo Penetration Testing mailing list archives

RE: manipulating query strings
From: "Kris Wilkinson" <kris () Titan-Networks ca>
Date: Tue, 24 Feb 2004 11:16:40 -0700

You shouldn't have to worry about this if you are always defining the
variable "serverName" each time the script loads. 

For example ...

If you have 

<Include> config file here w/ variable serverName || just a simple
serverName = 'whatever'
<connect> to server w/ variable serverName 

the serverName variable would overwrite any incoming post information
when it fetches the config file.

-----Original Message-----
From: Vel [mailto:vel () sympatico ca] 
Sent: Monday, February 23, 2004 12:43 PM
To: pen-test () securityfocus com
Subject: manipulating query strings 

Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the
attribute on the FORM is ACTION ?


<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


Given the Method is "POST", can I pass values to the Hidden Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if
is "GET".

But how about POST method ?



Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]