[amirab]

Hey ,
I wanted to know is there anyway to find an URL Query String ?
i mean like these sites : blahblah.com/blah.php?a=blah&b=blah&.....

like samp forums : http://forum.sa-mp.com/newthread.php?do=newthread&f=23

but i want to find and get it from another website because it's hidden or using HTML Post way

this is the website : http://globfone.com/sms/

[KingHual]

there isn't unless you have the source code or scan the whole website for form info

[Extremo]

If you're looking for remote file inclusion vulnerabilities, javascript injections, SQL injections or any other known vulnerability, you're going to have to look for it on your own. No one here is going to help you and tell you whether some website you don't like has a vulnerability, or whether the URL inputs are sanitized or not.

EDIT: If you're looking to remotely send text messages to that site, simply POST your own form to their respected pages and simulate user-input.

[Mauzen]

You can find the POST data e.g. with wireshark. Needs some knowledge, but it works.

[GWMPT]

Quote:

Originally Posted by amirab i mean like these sites : blahblah.com/blah.php?a=blah&b=blah&..... but i want to find and get it from another website because it's hidden or using HTML Post way

These websites are running apache's mod_rewrite with direct URL management on the Server side, so there are no GET parameters to be passed over the URL(besides the URL itself).

Little example from the Slim Framework:

PHP код:

$app->get("/User/:name", function($name) {
    echo "Hello there {$name}!";
}); 


So, when You access the website URL "blablabla.com/User/GWMPT", the page will output:
Hello there GWMPT!

And like you can see, there are no GET variables being passed over the URL.

[Mauzen]

Also seems to use captchas. So even if you can send an automated request somehow, you wont be able to send SMS automatically from your script or whatever.

[Crystallize]

Quote:

Originally Posted by Extremo If you're looking for remote file inclusion vulnerabilities, javascript injections, SQL injections or any other known vulnerability, you're going to have to look for it on your own. No one here is going to help you and tell you whether some website you don't like has a vulnerability, or whether the URL inputs are sanitized or not. EDIT: If you're looking to remotely send text messages to that site, simply POST your own form to their respected pages and simulate user-input.

We have a badass blackhat over here :P
And you're right about everything you said

[KingHual]

[StuartD]

^

[Extremo]

Quote:

Originally Posted by Wizzard2H We have a badass blackhat over here :P And you're right about everything you said

Actually, knowing things doesn't make me a blackhat. My intentions would and I said no one will help him, hence my intention was good and not malicious and hence that'd make me a whitehat.