Re: How to shortcut execute php script without filling out form?




worktech@xxxxxxxxx wrote:
> This is not my website I am dealing with, it is a public site that
> uses a form that has the code above. So why can't I just pass the
> data through the address bar? Is there some security in place that
> might prevent url passing of variables?

The problem arising from this is what could occur when someone bookmarks
or links to a URL with data in it. Every search engine that will find
the link will also execute the script and submit the data.

GET should always be used to _get_ data from a server, POST should always
be used to _modify_ data on a server and HEAD should always be used to
_retrieve headers_ from a server.

> If I can't do that, would writing a script that uses sockets be able
> to accomplish this somehow?

Sure it is. Read up on the HTTP specs. After all, your browser uses
sockets to send the data to the server.

> Or is it somehow not possible without
> using their html form

An HTML form simply describes what data the browser should allow a user to
submit.


--
Brendan Gillatt
brendan {at} brendangillatt {dot} co {dot} uk
http://www.brendangillatt.co.uk
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBACD7433
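The two points in the reply above (GET must not modify data, and a form only describes what a browser offers to send), as an added example that is not part of the original post: a local test server that changes state only on POST and validates the field itself, exercised with hand-built requests over a socket. The `/subscribe` path, the `email` field and all names in the code are hypothetical, and the sample values are constructed.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

SUBSCRIBERS = []  # server-side state; only a valid POST may change it

class FormHandler(BaseHTTPRequestHandler):  # hypothetical stand-in for a form's target script
    def _reply(self, code, text, headers=()):
        body = text.encode()
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):  # GET stays read-only: query-string data is never stored
        self._reply(405, "use POST\n", [("Allow", "POST")])

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        fields = parse_qs(self.rfile.read(length).decode())
        email = fields.get("email", [""])[0]
        if "@" not in email:  # validate on the server: no browser form was involved
            return self._reply(400, "bad email\n")
        SUBSCRIBERS.append(email)
        self._reply(200, "stored\n")

def raw_request(port, method, target, body=b""):  # hand-built request, returns the status code
    head = (f"{method} {target} HTTP/1.1\r\nHost: localhost\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    with socket.create_connection(("127.0.0.1", port)) as sock:
        sock.sendall(head.encode() + body)
        reply = b""
        while chunk := sock.recv(4096):
            reply += chunk
    return int(reply.split(b" ", 2)[1])

def demo():
    SUBSCRIBERS.clear()
    with HTTPServer(("127.0.0.1", 0), FormHandler) as server:  # port 0: any free local port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        statuses = (raw_request(server.server_port, "GET", "/subscribe?email=bob%40example.test"),
                    raw_request(server.server_port, "POST", "/subscribe", b"email=alice%40example.test"),
                    raw_request(server.server_port, "POST", "/subscribe", b"email=not-an-address"))
        server.shutdown()
    return statuses, list(SUBSCRIBERS)
```

`demo()` returns the three status codes and the stored list: the GET with data in the URL is refused, the well-formed POST is stored, and the malformed POST is rejected by the server-side check.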


