Solved

WAF assessment HTTP Method

  • 30 January 2024
  • 2 replies
  • 36 views

Badge

We are running WAF assessment on an URL that has a form. We expect some checks, i.e. SQL Injections, to use the fields and method, but the report doesn’t show the form id and the method for that URL is still GET, despite the type is form.

The form is pretty basic, no funny javascript mess, however, it hasn’t the id attribute.

<form method="POST" action="some_action" name="some_name">
<input name="field1" type="hidden" value="">
...
</form>

Can we force the POST method for that URL?

 

Regards,

icon

Best answer by renier_steyn 30 January 2024, 13:28

View original

2 replies

Userlevel 2
Badge

Hi @maguero 

Thank you for contacting us. There are some scenarios where a website with a form may not be detected as such, eg. when it is dynamically rendered. 

In order for us to dig into details, can I ask that you share this message with support@cymulate.com. Our team can then coordinate the best resources to assist you in validating the controls for the specific URL.

Kind regards,
Renier

Badge

Hi,

 

We just want to try this channel before contact support. We did already so we can follow the issue internally.

 

Thanks and kind regards,

Marcos

Reply