Posted by Admin in Questions & Answers
Besides changing cookies (in my previous tutorial), you can change other things as well. One of them is changing form values.
Consider the following text field in a money transfer form:
<form action=”submit.php” method=”post”>
<input name=”amount” type=”hidden” value=”1? />
Assume that above code is the source code extract from a form which sends $1 to your account every time the form is submitted. Lets say that you want to receive $100, how would you do that? The problem in this form is that this form remains invisible since its type is set hidden and neither can you change the value of the invisible field.
The value of the input named amount will change to 100 by applying above injection. The syntax to change form is,
The Green colored text must contain numerical value, the numerical value is the form number where 0 means the first form and 1 means the second form. The orange colored text must contain the name of the input type. For example, in the above form we’ve input name of first form as amount. The blue colored form contains the value to be kept in the input form.
Have a look at following image demo:
You have the form that cannot be modified directly but it is visible.
Now when you press OK button, you’ll have the form value changed eventually.
In this way you can change the form value easily.
And for some extra fun you can change the title of the website by using following code:
This will change the title of the website.
Hope you had fun reading this tutorial.