Home page logo

pen-test logo Penetration Testing mailing list archives

Re: manipulating query strings.
From: "Omar V.M." <ovalerio () serpro net mx>
Date: Tue, 24 Feb 2004 19:59:51 -0600 (CST)

Hello vel & list,

I suggest you to use an http proxy like Achilles, then you can edit the 
hidden fields. Since HTTP POST requests go in clear text you would easily 
locate where those values are modified within the request.

A shortcut is to use the Address input box of your browser and write those 
fields just like a GET request. That's because often at the server side 
input is accepted no matter the method being used.

Just like this:



Vel wrote:

Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the 
attribute on the FORM is ACTION ?


<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


Given the Method is "POST", can I pass values to the Hidden Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if 
is "GET".

But how about POST method ?



Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:


Omar Valerio Minero
SerproNet S.A. de C.V.
ovalerio () serpro net mx
Tel.: 52 (55) 5395 4246 Ext. 111


  By Date           By Thread  

Current thread:
  • Re: manipulating query strings. Omar V.M. (Feb 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]