Question

WAF assessment HTTP Method

  • 30 January 2024
  • 2 replies
  • 30 views


We are running a WAF assessment on a URL that has a form. We expect some checks, i.e. SQL injections, to use the fields and method, but the report doesn’t show the form id, and the method for that URL is still GET, despite the type being form.

The form is pretty basic, no funny JavaScript mess; however, it doesn’t have the id attribute.

<form method="POST" action="some_action" name="some_name">
<input name="field1" type="hidden" value="">
...
</form>

Can we force the POST method for that URL?

Regards,


2 replies


Hi @maguero 

Thank you for contacting us. There are some scenarios where a website with a form may not be detected as such, e.g. when it is dynamically rendered.

In order for us to dig into details, can I ask that you share this message with support@cymulate.com? Our team can then coordinate the best resources to assist you in validating the controls for the specific URL.

Kind regards,
Renier
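
One way to check whether a form is present in the server-delivered HTML, which is all a crawler that does not execute JavaScript can see. This is an added example, not part of the original thread and not Cymulate's code; `FormInventory`, `list_forms` and both sample pages are constructed for illustration (the second field, `field2`, is an assumption).

```python
from html.parser import HTMLParser

class FormInventory(HTMLParser):
    """Collect every <form> found in raw HTML with its method and named fields."""
    FIELD_TAGS = {"input", "select", "textarea"}

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {
                "id": a.get("id"),      # None when the attribute is absent
                "name": a.get("name"),
                # A missing method attribute means GET in HTML
                "method": (a.get("method") or "get").upper(),
                "action": a.get("action") or "",
                "fields": [],
            }
            self.forms.append(self._open)
        elif tag in self.FIELD_TAGS and self._open is not None and a.get("name"):
            self._open["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def list_forms(html):
    """Return one dict per <form> present in the given HTML text."""
    parser = FormInventory()
    parser.feed(html)
    parser.close()
    return parser.forms

# Constructed sample: form delivered in the page source, no id attribute.
STATIC_PAGE = """<html><body>
<form method="POST" action="some_action" name="some_name">
<input name="field1" type="hidden" value="">
<input name="field2" type="text">
</form></body></html>"""

# Constructed sample: form is built client-side, so the source has none.
DYNAMIC_PAGE = """<html><body><div id="app"></div>
<script src="app.js"></script></body></html>"""

if __name__ == "__main__":
    for label, page in (("static", STATIC_PAGE), ("dynamic", DYNAMIC_PAGE)):
        print(label, list_forms(page))
```

Running it against the saved page source of the assessed URL shows whether the form, its method and its fields are visible without JavaScript, which is useful detail to include when sharing the case with support.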


Hi,

We just wanted to try this channel before contacting support. We have already done so, so we can follow the issue internally.


Thanks and kind regards,

Marcos
