From: ma1ler_deamon (ma1ler_deamon@yahoo.com)
Date: Tue Feb 24 2004 - 14:33:13 EST
if a form is designed to accept POST variables, it may also accept
those same variables passed in through the querystring. It may not
it depends on how lazy the developer was when they made it and if
they pulled the values from the global collections or the specific
ones.
ie. foo = Request(bar) , vs foo = Request.QueryString(bar) etc
you can manipulate hidden variables in a number of ways, you can use
an intercept proxy which can be kinda overkill for this, or you can
use custom tools to do it right inside of your browser such as IE
one integrated IE integrated tool I found was this
it does some stuff ok, some stuff I really like, check out the "Browser
Extensions" package, it adds a new right click menu item to your
standard IE context menus that pops up a forms editor. I guess its an
eval version, but there is a free build of the main app as well.
-md
__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:48 EDT