
Penetration Testing mailing list archives

Implication of forced http GET request (Web App PT)
From: "Rick Zhong" <sagiko () gmail com>
Date: Wed, 27 Sep 2006 02:14:04 +0800

Hi guys,

Just curious to know what the possible security implications are of
permitting forced GET requests in a web application? I am pen testing this
web application, where all the form submission POST requests can be
replaced with GET requests with all the parameter values appended to
the URL.

I remember someone mentioned this in a "session fixation" whitepaper.
Are there any other related risks with this implementation?
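
Added example, not part of the original post: a WSGI form handler that takes its fields from the URL or the body, which is the behaviour the post describes, next to a wrapper that accepts POST bodies only. The path, field name and function names are constructed for illustration.

```python
# Added illustration (not from the original post): a handler that accepts
# form fields from the query string or the body, beside a POST-only wrapper.
import io
from urllib.parse import parse_qs, urlencode

def lenient_app(environ, start_response):
    """Merges query-string and body parameters, so GET works in place of POST."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    if environ["REQUEST_METHOD"] == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        params.update(parse_qs(environ["wsgi.input"].read(size).decode()))
    if "email" not in params:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"missing email"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("email set to " + params["email"][0]).encode()]

def require_post(app):
    """Reject any method other than POST and ignore query-string parameters."""
    def wrapped(environ, start_response):
        if environ["REQUEST_METHOD"] != "POST":
            start_response("405 Method Not Allowed",
                           [("Allow", "POST"), ("Content-Type", "text/plain")])
            return [b"use POST"]
        # Drop the query string so fields can only arrive in the body.
        return app(dict(environ, QUERY_STRING=""), start_response)
    return wrapped

def call(app, method, fields, in_url):
    """Drive a WSGI app in-process; returns (status line, body bytes)."""
    data = urlencode(fields)
    body = b"" if in_url else data.encode()
    environ = {
        "REQUEST_METHOD": method, "PATH_INFO": "/profile/email",
        "QUERY_STRING": data if in_url else "",
        "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body),
    }
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    out = b"".join(app(environ, start_response))
    return seen["status"], out

if __name__ == "__main__":
    form = {"email": "user@example.test"}  # constructed sample field
    strict_app = require_post(lenient_app)
    for name, app in (("lenient", lenient_app), ("strict", strict_app)):
        print(name, "POST body:", call(app, "POST", form, in_url=False)[0])
        print(name, "GET url:  ", call(app, "GET", form, in_url=True)[0])
```

With the wrapper in place the GET form of the request returns 405, and a POST that carries its fields in the URL instead of the body returns 400.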

