POST a Form with specially crafted URL
Results 1 to 7 of 7

Thread: POST a Form with specially crafted URL

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    21

    Question POST a Form with specially crafted URL

    Hey,
    Maybe this isn't the place for this question (and my bad if it isn't), but it seems to fit the best here.

    Does anyone know how to craft a URL so that it executes a FORM POST/SUBMIT when visited?

    IE: I need to be able to fill in a form (got this done) and then post it all with a URL.
    I'm working on this for a odd XSS bug I found. However, I can't find how submit the form and it seems there should be safeguards against doing it since you could fake submissions, votes/polls, and tons of other stuff.

    Thanks for the help (I'm hoping),
    -DarC
    The
    -(DiR)-

    DarC Infinity Rising

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    You can only edit submited info through the URL if the form uses the GET methode... Using the POST method, it's doable but more complicated as you have to craft an http request... (there are probably tools that though...)

    Ammo
    Credit travels up, blame travels down -- The Boss

  3. #3
    Member
    Join Date
    Jul 2002
    Posts
    46
    You could probably make a CGI script to automatically submit a form, or use some sort of forwarding (javascript?) script to submit the form via POST, then redirect the user to another page. Just quick ideas.... never had to do it.

  4. #4
    Banned
    Join Date
    Nov 2001
    Posts
    43
    What you can do is make a form yourself in php or whatever with the same named inputs and set the form action to the url of whatever script you want it to send to. Another thing you could possibly do (depending on what language this is) is view the source, look at the names of the inputs then make a url yourself. If you see a page with the form action of post.php and inputs named text1 and text2, then you could make a url http://thesite.com/post.php?text1=wh...ext2=whatever. Im not positive that this will work but its worth a try.

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    150
    You can use javascript for this this:

    Code:
     document.theForm.submit();
    Where theForm is the name of the form.

  6. #6
    Junior Member
    Join Date
    Dec 2001
    Posts
    21

    More details

    Some of the posts have been semi helpful (and I haven't tried them yet but I decided to write this now, pffT).

    The daemon I'm butt raping at the moment is a webmail daemon that operates under NT. TO THE BEST OF MY KNOWLEDGE it operates as a executable that handles the mail/connections/client/server/everything. The code of the button I need to push (or make the server believe I pushed IE: submitted) is as
    follows:

    <INPUT CLASS="button" TYPE="submit" NAME="Save_x" VALUE="Save Changes">

    That is what I need to pull off; as far as PHP or CGI scripting I'm not sure where to send it to. The URL never shows it if it uses scripts and the page code doesn't help any except for showing the names of the inputs. The code above is all the relevant code that composes the button, HOWEVER the following code appears at the top of the page where it declares several hidden inputs.:

    <INPUT TYPE="hidden" NAME="Save_x" VALUE="13">

    I'm assuming they're related (as per the Save_x name) but not sure how (this seems a rudimentary piece of code so I'm sure someone with more webcode experiance than me can ID it).
    Maybe this helps you understand my situation better?
    Thanks again.
    -DarC
    The
    -(DiR)-

    DarC Infinity Rising

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    150
    again, i think if you write a little bit of javascript to call the form submit I coded above, it does the same thing as clicking the button...regardless of where the form is supposed to go (ovbiously it doesn't go to a cgi script or asp page, it just does some stuff on its own.

    give the submit a try and let us know.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides