Hacking Prevention on Forms!!!!!
Posted: Sun Nov 25, 2007 6:57 pm
I just found, by thinking too much as I do, a very easy way to hack forms! Now I am telling you not so you can go round hacking, although it would be funny for you to smurf up people's sites to show their crap coding... maybe? But why bother!!
Basically, the problem is if someone has not checked the value in the select box. For example, you check using PHP with something like:
Say the site relies heavily on these values being correct, else it could make the site start behaving strangely or even screw it up. Then you should always check that anything is correct, even if you think it can't be changed on the user side. In the select box case you just check that the value = one that is in the select box. Or if it's, say, something like a date selected off a div and you made the box read-only, but they sent a stupid date and your validation doesn't check because you think the user can't edit it: well, they can do that!!!
Anyway, this is a simple way to do it, just so you can prevent this in future!
Code: Select all
<html>
<head>
</head>
<body>
<!-- The select box is replaced by a plain text input, so the browser will POST any value at all; this is why the server must validate. -->
<form name="tipsForm" action="http://www.domain.com" method="POST">
<input name="selectbox-name" type="text">
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
Code: Select all
<?php
// Reject anything that is not one of the option values the select box actually offers
$allowed = array('option1', 'option2', 'option3');
if (!in_array($_POST['selectbox-name'], $allowed, true)) {
    // error message code
}
So I just thought I would point out: always make sure everything is validated where a select field is used or a read-only box! Just a note!
Security is everything
I am not in any way saying hack a site using this, and I am not liable for anything you do after this point with this information! Just in case!
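The server-side check the post is asking for, as an added example (not the poster's code, and written in Python rather than the PHP the post mentions so it runs stand-alone): a submitted form is treated as a plain dictionary of strings, the select value is compared against the exact option list, the "read-only" date is parsed strictly and range-checked, and fields the form never defined are rejected. The field names, option values and the two sample submissions are constructed for the example.

```python
from datetime import date

# Constructed allow-list: the exact option values the <select> offers.
ALLOWED_COUNTRY = {"uk", "us", "de"}
# Constructed: the only fields the real form contains.
EXPECTED_FIELDS = {"country", "start_date", "submit"}
DATE_MIN, DATE_MAX = date(2000, 1, 1), date(2099, 12, 31)


def validate_submission(form):
    """Return (cleaned, errors) for a dict of submitted field -> string.

    Every field is re-checked on the server: the client controls the request
    body, so a <select> or a readonly <input> guarantees nothing about what
    arrives.
    """
    cleaned, errors = {}, {}

    # 1. Select box: must be exactly one of the offered options, not merely
    #    "non-empty". A missing key is treated the same as a bad value.
    country = form.get("country", "")
    if country in ALLOWED_COUNTRY:
        cleaned["country"] = country
    else:
        errors["country"] = "not one of the offered options"

    # 2. "Read-only" date filled in by a picker: parse strictly (YYYY-MM-DD,
    #    impossible days such as Feb 31 raise ValueError) and bound the range.
    raw = form.get("start_date", "")
    try:
        parsed = date.fromisoformat(raw)
    except ValueError:
        errors["start_date"] = "not a valid YYYY-MM-DD date"
    else:
        if DATE_MIN <= parsed <= DATE_MAX:
            cleaned["start_date"] = parsed
        else:
            errors["start_date"] = "outside the accepted range"

    # 3. Reject fields the form never defined; a tampered client can add any.
    extra = set(form) - EXPECTED_FIELDS
    if extra:
        errors["_extra"] = sorted(extra)

    return cleaned, errors


# Constructed sample submissions: one from the real form, one from a rebuilt
# page where the select and the read-only date box were replaced by free text.
HONEST = {"country": "uk", "start_date": "2007-11-25", "submit": "submit"}
TAMPERED = {
    "country": "admin",          # never an option in the select
    "start_date": "31/02/2007",  # wrong format and an impossible day
    "is_admin": "1",             # field the form does not have
    "submit": "submit",
}

if __name__ == "__main__":
    for label, form in (("honest", HONEST), ("tampered", TAMPERED)):
        cleaned, errors = validate_submission(form)
        print(label, "cleaned:", cleaned, "errors:", errors)
```

The check is an allow-list, not a "not null and not empty" test: a tampered value is usually present and non-empty, so only comparison against the real option list catches it.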