html forms with post and get

Discuss the many weaknesses of browser security and ways to mitigate the threat

html forms with post and get

Post by h4acktut on Mon Mar 08, 2010 8:29 am
([msg=36306]see html forms with post and get[/msg])

After doing one of the missions (I won't say which one, because it's not about that...), I am wondering if the post and get methods are interchangable from the server's point of view. Suppose there is some website containing a form with method = post and I send the field values to the receiver by encoding them into the uri (so in fact using the get method). I suppose there has to be a wrapper library at the server's side abstracting away the differences between the two methods. Is that right and does someone know more about that?
h4acktut
New User
New User
 
Posts: 4
Joined: Mon Mar 08, 2010 8:20 am
Blog: View Blog (0)


Re: html forms with post and get

Post by neuromanta on Mon Mar 08, 2010 8:58 am
([msg=36307]see Re: html forms with post and get[/msg])

h4acktut wrote:After doing one of the missions (I won't say which one, because it's not about that...), I am wondering if the post and get methods are interchangable from the server's point of view. Suppose there is some website containing a form with method = post and I send the field values to the receiver by encoding them into the uri (so in fact using the get method). I suppose there has to be a wrapper library at the server's side abstracting away the differences between the two methods. Is that right and does someone know more about that?


I'm not quite sure what the actual question is, but...
POST and GET methods can be used at the same time (in the same request). Take a look at the HTTP request sintax: the GET data can be written in the url, and the POST data takes place in the HTTP message body. On the server side, you can read out the POST and GET data seperately (for exaple in PHP, $_GET["name"], and $_POST["name"]).
User avatar
neuromanta
Poster
Poster
 
Posts: 302
Joined: Mon Nov 30, 2009 9:29 am
Location: Hungary
Blog: View Blog (0)


Re: html forms with post and get

Post by h4acktut on Mon Mar 08, 2010 10:25 am
([msg=36311]see Re: html forms with post and get[/msg])

No, that was not my question - perhaps I didn't express myself clear enough ;)
I don't want to use post and get methods together but rather use the get method where the form says it uses the post method (and so the server should actually be expecting the data to be sent via the latter). So you have a form with method=post and instead of pressing some submit bottom for sending your data to the server, you put the name - value pairs in the url (given by the action field) and make a normal html request. That means the website is designed to use the post method but you instead use the get method.
h4acktut
New User
New User
 
Posts: 4
Joined: Mon Mar 08, 2010 8:20 am
Blog: View Blog (0)


Re: html forms with post and get

Post by Goatboy on Mon Mar 08, 2010 5:26 pm
([msg=36330]see Re: html forms with post and get[/msg])

Generally this will not work. A server has three general methods of handling form input: GET, POST, and REQUEST. GET will take parameters from the URL, POST will only take them from the form, and REQUEST will handle whatever is sent to it. There are some other details (REQUEST will handle cookies, there are size restrictions, etc.) but for the most part this is what you need to know. So, if a server is expecting POST data and it receives GET, it won't know how to handle it.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2822
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: html forms with post and get

Post by h4acktut on Tue Mar 09, 2010 1:48 am
([msg=36371]see Re: html forms with post and get[/msg])

Hmmm, then I would suggest to change this detail in one mission. I really was wondering how this should get done at the server's side... However, it is possible to write some wrapper lib but as I read from your comment few sites actually do it. Who shall I pm concerning the mission?
h4acktut
New User
New User
 
Posts: 4
Joined: Mon Mar 08, 2010 8:20 am
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests