manipulating $_POST[]

Hi every one
Is it possible to assign a value to $_POST except using <form> submitting
and accessing to the source of page(this is not my page) ?
I want to escape from mysql_real_escape_string()
(or something like this) that php automatically implement
when you submit a form(php5).
is $_POST vulnerable ?
*
*
login.php
<form method=post action=welcome.php>
<input type = text name = user>
<input type = submit>
*
*
welcome.php
<?
$user = $_POST['user'];
...
....
.....
?>
*
*
thank you in advance

 

vulnerable? Sounds like you want to attack someone...

but yet, you can use curl to send a post request

 

I am NOT a hacker , but i don't like any one hack my pages.

 

how about typing in browser address bar something like "javascript:document.form.field.name="value";" or something similar.

 

I fully agree with your above first statement

see his other thread/answer
http://forums.digitalpoint.com/showthread.php?t=556356

these are very much hacker questions no site owner / site user ever needs to ask even in his sweetest nightmares or dreams!

I think it is a REALLY bad idea to give to such typical hacker questions any advice or help of any kind whatsoever!

mehdiali
your statement is impossible to belief
specially since you have NO own website registered in your DP forum profile - it is even uncertain that you have a website at all and all your questions posted I saw today have to do with hacking ANOTHER website
since to UPLOAD or communicate with OWN site - that howto is most simple and known to all and each of the legal site owners !!!

 

That PHP is most likely vulnerable but it all depends what you do with $user. If you have:

  $result = mysql_query("SELECT * FROM `users` WHERE `username` = '$user'");

PHP:

then you would be vulnerable to SQL injection attacks because you didn't validate the $user variable for SQL before using it.

If you have:

  echo("Hi, $user.  Welcome back");

PHP:

then you would be vulnerable to XSS attacks and CSRF attacks because you didn't validate $user for HTML before using it in HTML.

I would add, just before I ran the SQL query:

$mysqlsafe_user = mysql_real_escape_string($user);
$result = mysql_query("SELECT * FROM `users` WHERE `username` = '$mysqlsafe_user'");

PHP:

...and just before I echoed the HTML:

$htmlsafe_user = htmlentities($user);
echo("Hi, $htmlsafe_user.  Welcome back");

PHP:

Discussions of security often look like discussions of hacking because we are usually talking about the same topic. This information is provided to help webmasters and php coders avoid having their websites hacked. The same information could be used by a hacker to learn how to control other people's websites.

As long as the information is available to everyone then everyone has a fair chance. If we try to hide this information then no one will know how to secure their websites.