--- Malcolm Ferguson <[EMAIL PROTECTED]> wrote:
> Roberto Sanchez wrote:
>
> >POST /mypay.asp HTTP/1.1
> >Host: mypay.dfas.mil
> >User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b)
> >Content-Length: 44
> > |-HiddenVal=Netscape5.0+%28Windows%3B+en-US%29
> >
> >
> >POST /mypay.asp HTTP/1.1
> >Host: mypay.dfas.mil
> >Content-Length: 40
> > |-HiddenVal=Netscape5.0+%28X11%3B+en-US%29
> >
>
> Some web servers don't check the method verb, thus you can use the GET
> method with POST data in the URL. You might be able to do something like:
>
> <https://mypay.dfas.mil/mypay.asp?HiddenVal=Netscape5.0+%28Windows%3B+en-US%29>
>
> I haven't tried this trick for a while, so I might have formulated it
> incorrectly, but I have done it before.
>
I tried this but it didn't work. HiddenVal was still showing up with
X11 even when I fed Windows into the URL like you suggested.

>
> >I used wget to download the two .asp scripts that run when you first bring
> >up the page, but I could not find in the browser identification code where
> >this particular information was pulled from.
> >
>
> If you're posting your UA string, then either there's some client side
> script that has done this, perhaps via DHTML or whatever it's called
> (thus it won't appear if you wget the page), or it was detected on an
> earlier page and IIS inserted it into the content before serving it
> (presumably it would then be visible with wget). You've got it working
> with a non-IE browser under Windows, so there is no MSFT hidden logic
> here. Does any of this work if you disable JavaScript?
>

The site does not even load with JScript disabled. How else might IIS
be obtaining the string?

> Malc
>

-Roberto
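
Added example (not part of the original thread): an offline Node.js check that the two captured bodies decode to a `navigator.appName + navigator.appVersion` style string and that their lengths match the quoted Content-Length headers. That the page script builds HiddenVal this way is an assumption, as are the `navigators` sample values; nothing here contacts the site.

```javascript
// Offline check of the two POST bodies quoted in the thread.
// Assumption (not confirmed in the thread): a client-side script fills
// HiddenVal with navigator.appName + navigator.appVersion before submit.

// Bodies and Content-Length values copied from the quoted requests.
const captures = [
  { contentLength: 44, body: "HiddenVal=Netscape5.0+%28Windows%3B+en-US%29" },
  { contentLength: 40, body: "HiddenVal=Netscape5.0+%28X11%3B+en-US%29" },
];

// Constructed sample values for a Mozilla build on each platform (assumed).
const navigators = [
  { appName: "Netscape", appVersion: "5.0 (Windows; en-US)" },
  { appName: "Netscape", appVersion: "5.0 (X11; en-US)" },
];

// What a browser would submit for a form holding this one hidden field
// (application/x-www-form-urlencoded: space -> "+", "(" -> %28, ";" -> %3B).
function encodeHiddenVal(nav) {
  const params = new URLSearchParams();
  params.set("HiddenVal", nav.appName + nav.appVersion);
  return params.toString();
}

// Decode one captured body and compare it with the client-script hypothesis.
function checkCapture(capture, nav) {
  const decoded = new URLSearchParams(capture.body).get("HiddenVal");
  return {
    decoded,
    // Does the quoted Content-Length agree with the quoted body?
    lengthOk: Buffer.byteLength(capture.body) === capture.contentLength,
    // Would a script using the assumed navigator values produce this body?
    matchesClientScript: encodeHiddenVal(nav) === capture.body,
  };
}

function checkAll() {
  return captures.map((c, i) => checkCapture(c, navigators[i]));
}

for (const result of checkAll()) console.log(result);
```

If both checks hold, the field is a value computed in the browser and sent back by the client, which fits a wget fetch not showing it; a server should treat such a field as untrusted input.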