SIMPLE HTML FORMS
1. Bypassing Required Fields
The onsubmit attribute generally points to a function that checks the form to have the correct format. A function that does this may look something like this:
if(x.email.value=="") return false;
form name="spamform" method="post" action="process.php" onsubmit="return formSubmit(this);"
Both of these 'queries' will allow you to submit the form free of restrictions. The secret is how to execute this. I do this using my browser's Location bar. All you have to do is enter this text into the location bar and press enter:
You will see an alertbox with "return true;" instead of dumping this value out to the webbrowser. Once you have executed this query you will be able to enter whatever value into whatever field in spamform.
2. Changing Fields' Values
If you have managed to change a form's onsubmit attribute to let you do whatever the (filtered) you want, what are the limits? Of course now you know that you can modify the onsubmit attribute of a form from the location bar, same goes for any attributes of any object in the page. This is how you can do it:
But of course, you already knew that. Didn't you? You can change the values of pretty much anything inside a form, including radios, checkboxes, selects, hidden values, buttons, anything!
|Total comments: 0|