Vulnerability in EPiServer.Forms
I want to have a HTML form which is totally hiidden except for the submit "button" to be sent to a seconf webserver with all form fields are filled in invisble to the user and send with the POST option to retrieve records from a dataabse that open a window with info from the second server.
I have entered the form using HTML directly, but when viewing the page the URL part of the Form action is removed. Probably when the page was updated by the HTML editor and saved and published. The second server will thus never by addressed.
How can I stop this beahviour?
Can you post some fragments from code / markup?
Here you go.
<form action="here goes to url to the second server" method=POST><input type="hidden" name="GroupID" value="HQ"><input type="hidden" name="Language" value="English"><input type="hidden" name="TheCategory" value="Courses"><input type="hidden" name="TitleSearchText" value="Course 1234"><input type="hidden" name="Courses" value="Classroom"><input type=hidden name=CampusIDstr value="8"><input type=hidden name=FromDate value="10/01/2013"><input type=hidden name=ToDate value="12/31/2014"><input type="submit" value="Enroll"></form>
What happens is that the URL is removed and becomes an empty string. Making the form pasting to the server where the the code is located.
Are you sure you don't have any url rewriter that is intercepting responses and rewriting? I just tried on AlloyTech sample site.
I am just a content writer and has no clue about how the server is set up.