Anyone know about hacking hidden input types ?
ie
input type="hidden"
I have a website which has hidden input types and have read that these are hackable. How are they hackable and what risk are they to my site ?
Thanks
SamSpade from samspade.org has a check box in its 'crawl website' feature to search for hidden form values.
Use that and you can find out just what the values are.
They aren't a problem, the REAL problem is that when people use them, they often set up a lazy system that allows a malicious user to substitute values when they send in the information.
Quote:
Originally posted by keen2learn
Anyone know about hacking hidden input types ?
ie
input type="hidden"
I have a website which has hidden input types and have read that these are hackable. How are they hackable and what risk are they to my site ?
Thanks
For instance...
Some badly-designed sites, instead of keeping a database of prices for their products, WRITE the price into the webpage as a hidden value. When people submit their purchase, the browser takes this value and submits it along with everything else. But there is nothing to keep someone from saving the HTML file, editing the price that is stored in the page, and then clicking submit, and making the server think they are buying a $1 item instead of a $200 item.
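Added example (not part of the thread or any poster's code): the checkout case described above, sketched in Python, with a handler that bills the submitted hidden price beside one that looks the price up server-side and treats a mismatch as a tamper signal. The catalog, the field names (sku, qty, price) and the sample request bodies are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed server-side catalog: the only trusted source of prices.
CATALOG = {"sku-1001": Decimal("200.00"), "sku-1002": Decimal("15.50")}

# Constructed POST bodies: the form as served, and the same form with the
# hidden price field edited before submission.
HONEST = "sku=sku-1001&qty=1&price=200.00"
EDITED = "sku=sku-1001&qty=1&price=1.00"


def parse_form(body):
    """Decode a form-urlencoded POST body, keeping the first value per field."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def total_trusting_hidden_field(body):
    """Weak design: bills whatever price the client sent back."""
    form = parse_form(body)
    return Decimal(form["price"]) * int(form["qty"])


def total_from_catalog(body):
    """Hardened design: returns (total, tampered); raises ValueError on bad input."""
    form = parse_form(body)
    sku = form.get("sku", "")
    if sku not in CATALOG:
        raise ValueError("unknown product")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("bad quantity") from None
    if not 1 <= qty <= 100:  # quantity is client input too: bound it
        raise ValueError("bad quantity")
    price = CATALOG[sku]  # the price never comes from the request
    submitted = form.get("price")
    try:
        # A submitted price that differs is worth logging, never billing.
        tampered = submitted is not None and Decimal(submitted) != price
    except InvalidOperation:
        tampered = True
    return price * qty, tampered


if __name__ == "__main__":
    print("trusting handler bills:", total_trusting_hidden_field(EDITED))
    print("catalog handler bills: ", total_from_catalog(EDITED))
```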
Thanks Tedob1 I'll take a look at samspade.org (actually I had a copy which expired months ago - I'll take another look).
Terr, thanks also to you, you have lessened my worry. I copied a lot of the source from another page, however I don't use any critical data within the page (like prices etc.) as I've seen how they can be altered.
Thanks again 2 u both.
I really appreciate your responses.
- Cheers