Insert a record without showing it to public

Discuss the many weaknesses of browser security and ways to mitigate the threat

Re: Insert a record without showing it to public

Post by alltheprettyhorses on Tue Nov 23, 2010 9:25 am

newbie_toy wrote: It's not mine website. It's just I wanted to kid my friend. So, the answer would be no to that?

Plus it's JSP website.

Thanks by the way.


Well, if we're all going to have a go at translation.....

It's not my website. Heck, it's not even my friend's website, I just wanted to get some quick 'l33t h4x' so I could look like the alpha male around my computer friends, however, I also realise that HTS users will see through this paper-thin cover story and thusly you probably won't help.

Plus it's a JSP website.

hurry the fuck up guys.
"So this is how liberty dies; With thunderous applause..."
alltheprettyhorses
New User
Posts: 42
Joined: Sun Sep 05, 2010 10:17 am


Post by Bren2010 on Sat Dec 25, 2010 1:24 am

newbie_toy wrote: So, my question is, is there a hacky way after I submitted the form, all the information is stored in the database, BUT it won't show up in the list page. It's like hiding a particular row.


Why would you ask such a question? :| Even if he was hacking, there'd be no practical gain.
'Haha! I hacked your site! I made a row that doesn't show up!'
'Prove it.'

And no, if a row is inserted, it's inserted. Period. Unless the 'list' page filters what it shows by some value, and there's a way you can make your entry match that filter, then it will show up.
Bren2010
Poster
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm


Post by fashizzlepop on Sat Dec 25, 2010 1:50 am

Actually, depending on what from the DB is posted, this IS entirely possible... that is, if it is vulnerable to XSS.

Example: You submit, Name: "<!-- A33H013fromOUTERSPAZE -->" Email: "<!-- eatshit@christianscatporn.net -->"

It would not "display" the information in the browser but it would, of course, be in the source.

Have fun with that, and of course, you MUST use the information I provided only for the purposes of getting free pr0n.

Cheers.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
fashizzlepop
Developer
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm


Post by Bren2010 on Sat Dec 25, 2010 9:39 pm

fashizzlepop wrote: Example: You submit, Name: "<!-- A33H013fromOUTERSPAZE -->" Email: "<!-- eatshit@christianscatporn.net -->"

Actually, that'd be similar to just inserting a blank entry. There would still be an empty space for it on the page, which even though it's nitpicky, is still showing it to the public. I had assumed the OP was talking about it not showing up at all, although if that fulfils their desire, then oh well.
Bren2010
Poster
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
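
The behaviour discussed in the two posts above, as an added example that is not part of the original thread: a list page that writes stored values into HTML without encoding draws nothing for a comment-wrapped value while the row and the value remain in the source, and encoding on output makes the same value display literally. The sample rows, the function names and the use of Python are constructed for illustration (the site in the thread is JSP).

```python
import html
from html.parser import HTMLParser

# Constructed sample rows, as a guestbook-style table might store them.
ROWS = [
    {"name": "Alice", "email": "alice@example.com"},
    {"name": "<!-- hidden entry -->", "email": "<!-- hidden@example.com -->"},
]

def render_row(row, escape):
    """Render one list-page row; escape=False models the unencoded page."""
    enc = html.escape if escape else (lambda s: s)
    return "<tr><td>%s</td><td>%s</td></tr>" % (enc(row["name"]), enc(row["email"]))

class PageView(HTMLParser):
    """Separates what a browser displays from what only the source holds."""
    def __init__(self):
        super().__init__()
        self.rows, self.visible, self.comments = 0, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows += 1          # the row element exists either way

    def handle_data(self, data):
        self.visible.append(data)   # text nodes are drawn on the page

    def handle_comment(self, data):
        self.comments.append(data.strip())  # comments stay in the source only

def inspect(markup):
    view = PageView()
    view.feed(markup)
    view.close()
    return {"rows": view.rows, "visible": "".join(view.visible),
            "comments": view.comments}

def audit(rows):
    """Indexes of stored rows that would draw nothing on an unencoded page."""
    return [i for i, row in enumerate(rows)
            if not inspect(render_row(row, escape=False))["visible"].strip()]

if __name__ == "__main__":
    for escape in (False, True):
        print("escape=%s" % escape, inspect(render_row(ROWS[1], escape)))
    print("rows to review:", audit(ROWS))
```

On a JSP page the counterpart of `escape=True` is writing values through an encoding tag such as JSTL's `<c:out>` rather than emitting them raw.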


Post by fashizzlepop on Sun Dec 26, 2010 4:48 pm

I think he wanted info actually submitted, just have it hidden to general view so he could point it out to his friend and be a l33t hxr.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
fashizzlepop
Developer
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm