Question about "Submit" form - BE AWARE COULD CONTAIN SPOILER

Princess slag

noname [egorius]
7 years ago | edited 7 years ago

0

Hi there.

BE AWARE COULD CONTAIN SPOILER !!!

I have a question about tampering data (well not exactly tampering but anyway), I tried to use Tamper Data (URL: https://www.hackthis.co.uk/levels/extras/real/5/admin.php?) add-in and it seems like no data been transferred, so I looked at the source code:
<form><input type="password" name="password" /><input type="submit" /></form>
so I realized that “action” is missing… Can I conclude that this form actually does nothing (I mean not connected to anything and basically useless) ?

Thanks, and have an awesome day!?

6replies

2voices

299views

dloser
7 years ago

0

It depends on the browser/client you are using and how it interprets the source. If you press submit and something happens, then it does work and you are probably missing something. (I’m not familiar with Tamper Data, so can’t say anything about that.)

noname [egorius]
7 years ago

0

Well, my browser client is FireFox and I tried to tamper data with “Tamper Data” add-in…

dloser
7 years ago

0

If you press submit and something happens, then it does work and you are probably missing something.

Does something happen? Page refreshes? Input field is emptied? Focus changes?

Are you perhaps only checking for a POST? Because that’s something you’ll definitely won’t see. At best it defaults to GET.

noname [egorius]
7 years ago

0

OK, so I switched to Burp Suite, this is what it looks like:
GET /levels/extras/real/5/admin.php?**password=asdfghj** HTTP/1.1
As I understand from you, the data is transfered via URL (I mean password=), is that what you talking ?

dloser
7 years ago

0

Yes. Should be very familiar from the main and basic levels, I’d think.

noname [egorius]
7 years ago

0

Thanks, the issue is closed.

Discussion thread has been locked. You can no longer add new posts.