Penetration Testing mailing list archives

Implication of forced http GET request (Web App PT)


From: "Rick Zhong" <sagiko () gmail com>
Date: Wed, 27 Sep 2006 02:14:04 +0800

Hi, guys

Just curious to know what the possible security implications are of
permitting forced GET requests in a web application. I am doing a PT on
this web application, where all the form submission POST requests can be
replaced with GET requests with all the parameter values appended to
the URL.

I remember someone mentioned this in a "session fixation" whitepaper.
Are there any other related risks with this implementation?

regards,
Rick
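
The behaviour described in the message above, as an added example that is not part of the original post: a form handler that accepts its fields from either the URL or the POST body, next to one that answers only to POST and reads only the body. The handler names `lenient_app` and `strict_app`, the `email` field and the sample requests are hypothetical and constructed for illustration.

```python
import io
from urllib.parse import parse_qs

def _params(environ, sources):
    """Collect form fields from the named sources ("query", "body")."""
    out = {}
    if "query" in sources:
        out.update(parse_qs(environ.get("QUERY_STRING", "")))
    if "body" in sources and environ["REQUEST_METHOD"] == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        out.update(parse_qs(environ["wsgi.input"].read(size).decode()))
    return out

def lenient_app(environ, start_response):
    # Behaviour described in the post: the handler does not care whether the
    # fields arrived in the POST body or appended to the URL.
    fields = _params(environ, {"query", "body"})
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("updated email=%s" % fields.get("email", ["?"])[0]).encode()]

def strict_app(environ, start_response):
    # Hardened form: the form action answers only to POST and reads only the body.
    if environ["REQUEST_METHOD"] != "POST":
        start_response("405 Method Not Allowed", [("Allow", "POST")])
        return [b"method not allowed"]
    fields = _params(environ, {"body"})
    if "email" not in fields:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"missing field"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("updated email=%s" % fields["email"][0]).encode()]

def call(app, method, query="", body=b""):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": query,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode()

if __name__ == "__main__":
    # Constructed sample requests: the same field sent via URL and via body.
    for app in (lenient_app, strict_app):
        print(app.__name__, call(app, "GET", query="email=a%40example.test"))
        print(app.__name__, call(app, "POST", body=b"email=a%40example.test"))
```

The same `call` helper can serve as a regression check that each state-changing route returns 405 to GET.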
