Insert a record without showing it to public

Discuss the many weaknesses of browser security and ways to mitigate the threat

Insert a record without showing it to public

Post by newbie_toy on Mon Nov 22, 2010 3:14 pm
([msg=49250]see Insert a record without showing it to public[/msg])

I know this sounds ridiculous and impossible. But I just want to make sure. For instance, I have a webpage which select all the rows and show them on the webpage. I will call this a list page, and another which has a form to fill in. After I fill in the form and click submit the details I have entered will be shown on the list page. It's very basic web programming.

So, my question is, is there a hacky way after I submitted the form, all the information is stored in the database, BUT it won't show up in the list page. It's like hiding a particular row.

Thanks
newbie_toy
New User
New User
 
Posts: 2
Joined: Mon Nov 22, 2010 3:07 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by Goatboy on Mon Nov 22, 2010 3:47 pm
([msg=49251]see Re: Insert a record without showing it to public[/msg])

I will convert this to English:

newbie_toy wrote:I know this might sound difficult, but I just wanted to ask:

There is a webpage (which I do not own) that SELECTS and displays all the rows of a database table. There is another form used to enter information into the table, which can then be displayed on the other page. This is a very complicated concept for me.

So my question is: Would it be possible to insert a row into the table, yet have it not show up in the search results?

Hurry up and give me answers.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2807
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by fabianhjr on Mon Nov 22, 2010 6:42 pm
([msg=49258]see Re: Insert a record without showing it to public[/msg])

Hmmm, I wonder if you could Null Byte Poison it. :/
I will be doing some tests. BRB
Donate bitcoins to me! [1DhRP3hHgmSLQdRTZyT8VPTmzAj7Z2rsGA]
Dunno what bitcoins are? BitcoinMe
fabianhjr
Poster
Poster
 
Posts: 286
Joined: Tue Sep 21, 2010 7:48 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by sanddbox on Mon Nov 22, 2010 7:35 pm
([msg=49263]see Re: Insert a record without showing it to public[/msg])

The answer to that really depends if the website is yours or someone else's. I highly doubt it's yours, so I would say no.

-- Mon Nov 22, 2010 7:37 pm --

fabianhjr wrote:Hmmm, I wonder if you could Null Byte Poison it. :/
I will be doing some tests. BRB


If the site's PHP only then it won't be vulnerable...although I don't really see how null byte poisoning would accomplish what he wants in the first place.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by newbie_toy on Mon Nov 22, 2010 8:10 pm
([msg=49267]see Re: Insert a record without showing it to public[/msg])

It's not mine website. It's just I wanted to kid my friend. So, the answer would be no to that?

Plus it's JSP website.

Thanks by the way.
newbie_toy
New User
New User
 
Posts: 2
Joined: Mon Nov 22, 2010 3:07 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by Defience on Mon Nov 22, 2010 8:12 pm
([msg=49268]see Re: Insert a record without showing it to public[/msg])

Goatboy wrote:I will convert this to English: .....


Well translated, Goatboy.
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by alltheprettyhorses on Mon Nov 22, 2010 8:13 pm
([msg=49271]see Re: Insert a record without showing it to public[/msg])

newbie_toy wrote: It's just I wanted to kid my friend.


Mhmmmm.....
"So this is how liberty dies; With thunderous applause..."
User avatar
alltheprettyhorses
New User
New User
 
Posts: 42
Joined: Sun Sep 05, 2010 10:17 am
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by centip3de on Mon Nov 22, 2010 10:16 pm
([msg=49278]see Re: Insert a record without showing it to public[/msg])

newbie_toy wrote:It's not mine website. It's just I wanted to kid my friend. So, the answer would be no to that?

Plus it's JSP website.

Thanks by the way.


Since Goatboy did such a good job with the previous one, I'll give this one a shot.

newbie_toy wrote:It's not my own website, I just wanted to mess with my friend. So the answer is no? Also, it's a JSP website.

Thanks by the way!
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1420
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by Goatboy on Mon Nov 22, 2010 10:56 pm
([msg=49284]see Re: Insert a record without showing it to public[/msg])

Yes, but mine was funny =\
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2807
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Insert a record without showing it to public

Post by centip3de on Mon Nov 22, 2010 11:01 pm
([msg=49286]see Re: Insert a record without showing it to public[/msg])

Goatboy wrote:Yes, but mine was funny =\


Damn.... I has failed D:
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1420
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Next

Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests