WebApp Sec mailing list archives
Re: GET and POST Methods Accepted
From: "christopher baus" <christopher () baus net>
Date: Thu, 13 Oct 2005 03:02:35 -0000 (GMT)
I have seen this recently on J2EE sites and CGI (PERL, PYTHON, Binary).
I know for a fact that this part of the Java servlet spec (POST's and GET's look exactly the same to servlet handler). It gets confusing if the POST request has parameters in the URL and the body which is legal. Oddly the practice of encoding query parameters in the body of POST requests is not part of HTTP spec, and as near as I can tell it started with NCSA Mosaic and has been used ever since.
Current thread:
- GET and POST Methods Accepted Welsh, Ed (Oct 12)
- Re: GET and POST Methods Accepted Joe Teff (Oct 12)
- Re: GET and POST Methods Accepted christopher baus (Oct 12)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted christopher baus (Oct 13)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted Damien Watson (Oct 13)
- Re: GET and POST Methods Accepted Serg Belokamen (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Amit Klein (AKsecurity) (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Paul Laudanski (Oct 18)
(Thread continues...)