Home page logo

pen-test logo Penetration Testing mailing list archives

Re: manipulating query strings
From: Markus Toman <m.toman () sec-consult com>
Date: Wed, 25 Feb 2004 15:57:03 +0100


The HTTP header sent by the browser contains the POST-Variables.
There are many ways to change the value in hidden fields.

- Save the Page, change the source, change form action from '/search/search.asp' to 'http://<whatever>/search/search.asp' and the hidden field values to what ever you like.

- Write a prog or use telnet and send the HTTP header yourself

- Try Firefox with the Live HTTP headers plugin. you can capture outgoing http requests, modify them and send again..

Vel wrote:

Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the action
attribute on the FORM is ACTION ?


<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


Given the Method is "POST", can I pass values to the Hidden Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if METHOD
is "GET".

But how about POST method ?



Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]