Penetration Testing mailing list archives
Implication of forced http GET request (Web App PT)
From: "Rick Zhong" <sagiko () gmail com>
Date: Wed, 27 Sep 2006 02:14:04 +0800
Hi guys,

Just curious to know what the possible security implications are of permitting forced GET requests in a web application?

I am pt on this web application where all the form submission POST requests can be replaced with GET requests with all the parameter values appended to the URL.

I remember someone mentioned this in a "session fixation" whitepaper. Are there any other related risks with this implementation?

Regards,
Rick