suck-o.com

are there ways to hack web sites by adding tags to a url

say I have a form with a post or get value lets say its get the form has a field known as email which sends a password to that email I look at the code to find out where its page is redirected to say for example sendpasswrd.php

so instead of submitting the form I execute the command in the url

http://www.mysite.com/sendpasswrd.php?e ... yemail.com

I have heard of code being executed in this way any ideas

I am just curious for the sake of learning

Well I looked it up its possible to break into computers using UTF Illegal characters and exploiting vulnerabilities in these servers

Anyway my question is answered

Maboroshi

Tripod.com used to be real bad with coding for its logins. If you ran a packet sniffer on yourself while you logged in, you could catch your user/pwd in plain text. Angelfire used to submit new user NFO in plain text too. Running a packetsniffer could help you understand the process of login.

When I find a webserver I find its NOS/OS (network operating system), its version, and if it has been patched/updated. Old version of operating systems mean that there are plenty of published exploits for that version of NOS/OS. Searching Packet Storm, Altavista, antionline, whatever, will get you the latest 'sploit. I use copernic for searching zero day published code or hacks..

DNR

Maboroshi, there's a technique some people still use today. All you have to do is make a php page that accept's the "$_GET[];" var. so a url would look like this:
which actually would work. I've even done it my self.

right gogeta, XSS still works for many sites, it has been (unsuccessfully) tried on this board too a couple of times.
not only the GET-method is interesting, if the server is badly configured it may also allow TRACE and even DELETE....