
| Subject: | RE: (clarification) GET and POST Methods Accepted |
|---|---|
| Date: | Thu, 13 Oct 2005 23:17:31 -0500 |

I see shortcuts taken a lot. An example is using ASP where
Request("variablename") is used to retrieve a value rather than
Request.Form("variablename") or Request.QueryString("variablename"). When
using the abbreviated form, ASP checks the QueryString, then Form, then
Cookies, then ClientCertificate, then ServerVariables.

It's not uncommon in servlets to see a call to doPost from inside the
doGet. Less common is when service is overridden instead of the doPost or
doGet.

JSPs almost always use request.getParameter without checking the request
method.

These are examples, not a definitive list of all languages and environments.

Joe

-----Original Message-----
From: "Evans, Arian" <Arian.Evans@fishnetsecurity.com>
To: <webappsec@securityfocus.com>
Date: Thu, 13 Oct 2005 13:24:02 -0500
Subject: RE: (clarification) GET and POST Methods Accepted
1) Are other people seeing that the applications they test accept GETs where they are intended/expecting to accept POSTs?
2) Are you seeing this more or less on specific platforms?
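
Added example, not part of the original message or thread: the servlet shortcut described above (doGet calling doPost) beside a method-strict variant. The class names and the `amount` parameter are hypothetical, and the code assumes the `javax.servlet` API on the classpath (`jakarta.servlet` on newer containers).

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Shortcut pattern: doGet forwards to doPost, so an action written for a
// POSTed form is equally reachable through a plain GET URL.
class TransferServletShortcut extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getParameter merges query-string and body parameters, so the
        // handler cannot tell which one supplied "amount" (hypothetical name).
        String amount = req.getParameter("amount");
        resp.getWriter().println(amount == null ? "missing amount" : "accepted");
    }
}

// Method-strict variant: doGet is not overridden, so HttpServlet's default
// doGet answers 405 Method Not Allowed (400 for HTTP/1.0 clients).
class TransferServletStrict extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Refuse a POST that also carries a query string, because
        // getParameter would merge URL parameters with the form body.
        if (req.getQueryString() != null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "query string not accepted");
            return;
        }
        String amount = req.getParameter("amount");
        if (amount == null || !amount.matches("\\d{1,9}")) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid amount");
            return;
        }
        resp.getWriter().println("accepted");
    }
}
```
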