It is possible (I've done it) to find out all the variables
that make up a form on a particular site, generate a
similar form on your site with that form's action being
the CGI/PHP script that the particular site uses to process
the form once submitted, modify the values for the form
variables to be anything you want and submit the form
that resides on your site. This will basically submit totally
fabricated data to the foriegn site and possibly screw them
up somehow and/or in some way.
Is there any way to defend against this? Is there any way
to ensure that when a form is submitted that the submission
request originated from your site/domain and not somewhere
else?
Any help would be greatlyl appreciated.
Chris
