The Net Age

Monday, November 15, 2004

Think Simple (Web forms)

Instead of trying clever tricks to bypass forms and their arguments, working out how to reach the next page while providing as little private information as possible, sometimes the simplest approach is the most effective.

At the time of posting, the two sites below have no or only very basic form checks, allowing the user to progress without providing any real information.

Site: Hugin Expert
URL: http://www.hugin.com/Products_Services/Products/Demo/AdvisorEval/Form/
Analysis of Problem: If you just push Download, the CGI script the information is sent to checks only whether the e-mail address is null (and throws an error if it is). Going back and entering a single letter in the e-mail field (not even a valid address is required) lets you proceed to the site's download links.

Site: Security Innovation
URL: http://www.sisecure.com/holodeck/holodeck-trial.shtml
Analysis of Problem: This site's form is the best example of this problem (unless it is intended). Just push "Proceed to Download".
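The weakness in both cases is a server-side check that tests at most whether one field is empty. The following is an added example (not code from either site) contrasting that null-only check with a proper check that every required field is present and the e-mail is at least syntactically valid; the field names and the sample submissions are constructed for the illustration.

```python
import re

# Minimal syntactic e-mail pattern (constructed for this example; a real
# deployment would also confirm the address by sending a link to it).
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"
)

# Hypothetical required fields of a download-gate form.
REQUIRED_FIELDS = ("name", "company", "email")


def weak_check(form: dict) -> bool:
    """Mirrors the check described in the post: only tests that
    the e-mail field is non-empty, so a single letter passes."""
    return bool(form.get("email", "").strip())


def strict_check(form: dict) -> list:
    """Server-side validation: every required field present and the
    e-mail syntactically valid. Returns error messages (empty = accepted)."""
    errors = []
    for field in REQUIRED_FIELDS:
        value = form.get(field, "").strip()
        if not value:
            errors.append(f"{field}: required")
        elif field == "email" and not EMAIL_RE.match(value):
            errors.append("email: not a valid address")
    return errors


# Constructed sample submissions.
EMPTY_FORM = {}
ONE_LETTER = {"email": "a"}
COMPLETE = {"name": "Jane", "company": "Example Ltd", "email": "jane@example.com"}

if __name__ == "__main__":
    for label, form in (("empty", EMPTY_FORM),
                        ("one letter", ONE_LETTER),
                        ("complete", COMPLETE)):
        print(f"{label}: weak={weak_check(form)} strict={strict_check(form)}")
```

Note that even the strict check only enforces syntax; whether the data is truthful can only be established by confirming the address out of band.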

man0war
