I am checking the logs in my honeypot server (which has no domain name) and I see lots of GET requests like http:///echo.php. This is very confusing because most get requests have a leading slash like GET /index.html. The server has a login button and credential fields and also a file upload option. The html looks like this
HTTP/1.0 200 OK
Server: GoAhead-Webs
Date: Sat, 11 Feb 2023 11:56:33 GMT
Access-Control-Allow-Origin: *
Content-type: text/html
<title>Upload</title>
<form action=/ method=POST ENCTYPE=multipart/form-data>
<input type=file name=upfile>
<input type=submit value=Upload>
<fieldset>
<legend>Form Using GET</legend>
<form method="get">
<p>Username: <input type="text" name="get_arg1"></p>
<p>Password: <input type="text" name="get_arg2"></p>
<input type="submit" value="GET Submit">
</form>
</fieldset>
<p> </p>
<fieldset>
I tried to copy the attack and request my server with GET /../http://www.example.com, that didn't work
Related
<formn action="" method="POST">
<label>Name</label>
<input type="name">
<button name="submit">Submit</button>
</form>
I have also tried
<form ngNoForm action="table.php" method="POST">
<label>Name</label>
<input type="name">
<button name="submit">Submit</button>
</form>
but I keep on getting this error
"Cannot POST /table.php"
I have double checked and even triple checked the spelling and its right.
It's likely the path for the file is wrong. In your first example you used backend/table.php, give that a shot (example below).
<form ngNoForm action="backend/table.php" method="POST">
<label>Name</label>
<input type="text" name="name">
<input type="submit" value="Submit" />
</form>
But more importantly, if you want to submit a POST request through a form you have to set the URL you want to POST to as the form's action. Putting a link around a button will never submit the form.
<button name="submit">Submit</button>
This would just redirect you to backend/table.php, no POST request was sent so no data would be processed.
I am doing scraping of page using PHP cURL. I have to login to the website by passing credentials to login form action. Here is the cases I'm getting.:
Case #1:
When accessing page using browser, this is the form which is being submitted to the server.
<form id="formLogin" name="formLogin" method="post" action="../public/j_security_check">
<input type="hidden" id="j_token" name="j_token" value="0">
<input type="hidden" id="j_username" name="j_username" value="">
<input type="text" id="username_txt" name="username_txt" size="20" onChange="HidePageMessage()" onkeydown='onAutoSubmit(event)'>
<input type="password" id="j_password" name="j_password" size="20" onChange="HidePageMessage()" onkeydown='onAutoSubmit(event)' onkeypress="capsDetect(event)">
<select id="carrierCode" name="carrierCode" STYLE="width: 120px">
<option value="val1">Some Option</option>
<option value="val2">Some Option</option>
<option value="val3">Some Option</option>
<option value="valn">Some Option</option>
</select>
<input type="button" id="btnClose" value="Close" class="loginButton" onclick="window.close()" i18n_key="close">
<input type="button" id="btnLogin" value="Login" class="loginButton" onclick="login()" i18n_key="login">
<input type="hidden" id="hdnUserStatus" name="hdnUserStatus" value="" />
</form>
When I submit button with correct credentials, it sends data to the following url with these information:
General
Request URL:https://example.com/agents/public/j_security_check
Request Method:POST
Status Code:302 Moved Temporarily
Remote Address:86.96.201.171:443
Response Headers
Content-Length:0
Date:Wed, 08 Mar 2017 04:16:15 GMT
Location:http://example.com/agents/private/showXBEMain.action
Set-Cookie:aeroID=16395617314887938521488793852650522;expires=Tue, 02-Jan-2018 04:16:15 GMT;path=/;
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:136
Content-Type:application/x-www-form-urlencoded
Cookie:JSESSIONID=F16F95247A3E529FA526B5FBD6C9CE87.aapuga64; aeroID=16395617314887938521488793852650522
Host:domain.com
Origin:https://example.com
Referer:https://example.com/agents/private/showXBEMain.action
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Form Data
j_token:1
j_username: some_credential
username_txt: loginid
j_password: password
carrierCode: somecode
hdnUserStatus:
As a success result, it's redirected to another page which is correct, but when going to access this page using PHP cURL, it's giving ' Invalid direct reference to form login page' and status code: 400
case #2:
When passing the same field with wrong credentials, it's giving status 200 and a message inside js code 'LOGINFAILED' which is correct, and as expected.
case #3:
When passing the same failds with correct credentials, neither it's redirecting to another page as it should do, nor giving LOGINFAILED message. it's giving 400 status code, and message as 'Invalid direct reference to form login page'
I searched a lot about this on the web, it's a type of j_security_check error of java and the solutions for that is inside the code of server. And in my case I'm doing scraper where I do not know what they have written inside the server.
I have created a page from where users can upload their files. This code snippet send those files to my Amazon S3 bucket.
<form action="https://BUCKET.s3-eu-west-1.amazonaws.com/" method="post" enctype="multipart/form-data">
<input type="hidden" name="awsAccessKey" value="ACCESS_KEY">
<input type="hidden" name="awsSecretKey" value="SECRET_KEY">
<input type="hidden" name="acl" value="private">
<input type="hidden" name="policy" value="POLICY">
<input type="hidden" name="signature" value="SIGNATURE">
<input type="hidden" name="Content-Type" value="">
<!-- Include any additional input fields here -->
File to upload to S3:
<input name="file" type="file">
<br>
<input type="submit" value="Upload File to S3">
</form>
Everything works fine, but I am facing https problems. Main browsers don't trust s3-eu-west-1.amazonaws.com and show security message about untrusted connection.
I changed my the HTTPS connection to HTTP so that my customers don't face any problem. Does someone have any ideas on how to resolve this issue?
Chances are your bucket name has a dot in it. Amazon's S3 wildcard certificates are good for only one level of subdomains, so bucket.s3-eu-west-1.amazonaws.com is fine but bucket.bucket.s3-eu-west-1.amazonaws.com is not. Use this instead:
https://s3-eu-west-1.amazonaws.com/BUCKET/
i am trying to send a emailid from php page to asp page...but its does not receive
by my server. i am using form get method..but if i add # in my mail id..then its show error..other wise its ok.... its my php page coding
<form action="Default.aspx" method="GET" name="frm" title="demo" enctype="multipart/form-data">
Email<br/> <input type="text" name="email"/><br/><br/>
<input type="submit" name="submit"/>
</form>
I have a form, as such
<form action="search.php" method="get" id="search">
<input type="text" name="first_name"/>
<input type="text" name="last_name"/>
<input type="submit" value="Go" id="submit"/>
</form>
I want to make sure the data is valid, so I have a php file I can make an ajax request to access a database, which returns xml as such
<id="111111" first_name="Tom" last_name="Hanks" />
If there is a matching name. There should be no name conflicts. "HTTP/1.1 404 File Not Found" is printed otherwise. After this is done, I want to reach search.php with first_name, last_name, and id. That is, I want to be at:
search.php?first_name=Tom&last_name=Hanks&id=111111
How would I go about this ?
your scenario is similar to the followings, which im sure, you can churn to your own flavors.
[1] http://www.the-art-of-web.com/javascript/ajax-validate/
[2] http://www.dev102.com/2008/05/21/create-interactive-form-validation-using-ajax/