cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: CURL Post Form data

From: <rakesh.sharma2_at_wipro.com>
Date: Thu, 18 Dec 2008 11:56:16 +0530

Hi Mitchell,
                 This server is not publically available so I cannot
provide the URL. Sorry for this.
Actullay I am not very good at Java scripts and it seems to be the
javascript problem. I can provide you the part of the page source where
I am facing the problem. Also during the initial login to URL using
Mozilla Firefox Browser , I can see in Live HTTP Header output that it
gets
GET /something/jsp/ActiveCall.jsf HTTP/1.1
:
:
GET /something
/jsLibs/Common1_0_9.js;jsessionid=371DF5AF9BB5AB0F44065C8660A865F1
HTTP/1.1
:
:
 
The form which i am trying to post is :
</form>
</center>
        <script type="text/javascript">var _AdfWindowOpenError='A popup
window blocker has been detected in your browser. Popup blockers
interfere with the operation of this application. Please disable your
popup blocker or allow popups from this site.';</script><script
type="text/javascript"
src="/adf/jsLibs/Common1_0_9.js;jsessionid=371DF5AF9BB5AB0F44065C8660A86
5F1"></script><!--Start: javax.faces.Form["ActiveCallForm"]--><form
id="ActiveCallForm" name="ActiveCallForm" class="formstyle"
enctype="multipart/form-data" method="POST" onkeypress="return
_submitOnEnter(event,'ActiveCallForm');"
action="/jsp/ActiveCall.jsf;jsessionid=371DF5AF9BB5AB0F44065C8660A865F1"
>
                <html>
/* some thing is there.. And following are the field names which are to
be submitted*/
<tr>

                <td class="pagecolumn1">CID :</td>

                
<!--Start: javax.faces.Panel["_id18"]-->
                <td class="pagecolumn2"><!--Start:
javax.faces.Input["CidInputText"]--><input
id="ActiveCallForm:CidInputText" type="text"
name="ActiveCallForm:CidInputText" maxlength="13"></td>
                
</tr>
 
<tr>

                <td class="pagecolumn1">NAD Id :</td>
                
<!--Start: javax.faces.Panel["_id20"]-->
                <td class="pagecolumn2"><!--Start:
javax.faces.Input["nadIdInputText"]--><input
id="ActiveCallForm:nadIdInputText" type="text"
name="ActiveCallForm:nadIdInputText" maxlength="14"></td>
                
</tr>
 
/* And finally*/
 
<tr>

                <td class="pagecolumn1"><!--Start:
javax.faces.Command["sendActCall"]--><input
id="ActiveCallForm:sendActCall" name="ActiveCallForm:sendActCall"
type="submit" value="Send"
onclick="submitForm('ActiveCallForm',1,{source:'ActiveCallForm:sendActCa
ll'});return false;" class="button"></td>
                
</tr>
</tbody>
</table>
</td>
        
</tr>
</tbody>
</table>

        <input type="hidden"
name="org.apache.myfaces.trinidad.faces.FORM"
value="ActiveCallForm"><!--Start:
org.apache.myfaces.trinidad.Form--><span
id="tr_ActiveCallForm_Postscript"><input type="hidden"
name="org.apache.myfaces.trinidad.faces.STATE" value="!-625bfb94"><input
type="hidden" name="source"><script
type="text/javascript">TrPage.getInstance()._addResetFields('ActiveCallF
orm',["source"]);</script><script type="text/javascript">function
_ActiveCallFormValidator(f,s){return _validateInline(f,s);}var
ActiveCallForm_SF={};</script></span><script
type="text/javascript">_submitFormCheck();</script></form>

</body>
</html>
  
The "org.apache.myfaces.trinidad.faces.STATE" value is the one which
gets incremented with every POST to the URL.
When the post request is accepted by the server, it should give status
message as I see in the Live HTTP Header output:
 
HTTP/1.x 302 Moved Temporarily
Date: Thu, 18 Dec 2008 06:16:43 GMT
Location: http://something/jsp/ActiveCall.jsf
<http://jsp/ActiveCall.jsf>
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
 
But I am not getting this status message. I am directly getting:
 
HTTP/1.x 200 OK
Date: Thu, 18 Dec 2008 06:16:45 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Connection: close

and getting me the page http://something/jsp/ActiveCall.jsf
<http://jsp/ActiveCall.jsf>
 
Please help me out as I am totally blocked here.
 
Thank's
Rakesh
 
 
 

________________________________

From: curl-library-bounces_at_cool.haxx.se
[mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Ralph Mitchell
Sent: Wednesday, December 17, 2008 9:31 PM
To: libcurl development
Subject: Re: CURL Post Form data

On Tue, Dec 16, 2008 at 11:01 PM, <rakesh.sharma2_at_wipro.com> wrote:

        Yes, the field that changes, is submitted evey time. Every time
we login
        to the URL, intial value of this field will be some non
predictable
        value. For every we docurl_easy_perfom(), it will get
incremented.
        I tried with capturing the previous value and submiting this
field in
        the form after incrementing it. But no improvement shown.
        
        Can we do anything for this issue ?

Is the server publically available, and can you give us the url??
Someone else might be able to see something you missed, or it may be
possible to do something with the javascript.

For example, a couple of months ago I was writing a script to check out
a web server, and found that the first page resubmitted itself after
generating a 68 character string of random letters in javascript. It
turned out that I could extract the javascript function and push it
through a javascript interpreter and capture the output to send back to
the server.

I think I just got lucky with that one, but that same approach *might*
work for others.

Ralph Mitchell

Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
Received on 2008-12-18