Example 2. POST Request
Now, let's replace 'GET' with 'POST' in the form HTML tag:
<form method="post" action="hi.iq/register.jsp">
Name: <input type="text" name="name" value="J.Doe">
email: <input type="text" name="email" value="abuse@spamcop.com">
<input type="submit">
</form>
In this case, the HTTP request sent to the server looks like this:
POST register.jsp HTTP/1.1
Host: hi.iq
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2) Gecko/20021126
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
Accept-Language: en-us, en;q=0.50
Accept-Encoding: gzip, deflate, compress;q=0.9
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 36

name=J.Doe&email=abuse%40spamcop.com
Example 3. Multipart POST Request
If the form contains a file upload field, you have to add
enctype="multipart/form-data" to the form tag. Otherwise, the file won't be
sent:
<form method="post" action="hi.iq/register.jsp" enctype="multipart/form-data">
Name: <input type="text" name="name" value="J.Doe">
email: <input type="text" name="email" value="abuse@spamcop.com">
file: <input type="file" name="file-upload">
<input type="submit">
</form>
This form will produce the following HTTP request when sent from Mozilla 5:
POST register.jsp HTTP/1.1
Host: hi.iq
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2) Gecko/20021126
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
Accept-Language: en-us, en;q=0.50
Accept-Encoding: gzip, deflate, compress;q=0.9
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------29772313742745
Content-Length: 452

-----------------------------29772313742745
Content-Disposition: form-data; name="name"

J.Doe
-----------------------------29772313742745
Content-Disposition: form-data; name="email"

abuse@spamcop.com
-----------------------------29772313742745
Content-Disposition: form-data; name="file-upload"; filename="test.txt"
Content-Type: text/plain

test data with some high ascii: ¿Como estás?
-----------------------------29772313742745--
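How a server takes the multipart body above apart, as an added example that is not code from the original article: split on the boundary named in the Content-Type header, separate each part's headers from its content at the blank line, and treat the client-supplied filename as untrusted. The function name parse_multipart, the CRLF line endings and the ISO-8859-1 encoding of the sample body are assumptions of this example.

```python
import re

# Boundary copied from the Content-Type header of Example 3.
BOUNDARY = "---------------------------29772313742745"
# Constructed sample body rebuilt from Example 3 (CRLF and ISO-8859-1 assumed).
BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="name"\r\n\r\n'
    "J.Doe\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="email"\r\n\r\n'
    "abuse@spamcop.com\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="file-upload"; filename="test.txt"\r\n'
    "Content-Type: text/plain\r\n\r\n"
    "test data with some high ascii: ¿Como estás?\r\n"
    f"--{BOUNDARY}--\r\n"
).encode("iso-8859-1")


def parse_multipart(body: bytes, boundary: str) -> dict:
    """Return {field name: {"filename", "content_type", "data"}} for each part."""
    delim = b"--" + boundary.encode("ascii")
    parts = {}
    # Chunk 0 is the preamble; the chunk after the last part starts with "--".
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):
            break  # closing delimiter reached
        head, sep, data = chunk.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part has no blank line between headers and content")
        headers = {}
        for line in head.strip().split(b"\r\n"):
            key, _, value = line.decode("iso-8859-1").partition(":")
            headers[key.strip().lower()] = value.strip()
        params = dict(re.findall(r'(\w+)="([^"]*)"', headers.get("content-disposition", "")))
        if "name" not in params:
            raise ValueError("part without a field name")
        filename = params.get("filename")
        if filename is not None:
            # Client-controlled value: keep only the last path component.
            filename = re.split(r"[\\/]", filename)[-1]
        parts[params["name"]] = {
            "filename": filename,
            "content_type": headers.get("content-type"),
            "data": data[:-2] if data.endswith(b"\r\n") else data,
        }
    return parts
```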