A Perfect example for HTML 4.01 forms.

HTML 4.01 is widely used and forms are everywhere. This isn’t HTML5, which makes things easy. Forms have long been part of the HTML specification and, after years of use, they dominate day-to-day web-page creation, giving users the flexibility to submit their requests over HTTP. Here is a perfect example for demonstration:

 

 

This is an HTML form demonstration:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
    "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
    <head>
        <title> Form </title>
    </head>

    <body>
        <p> This is a HTML 4.01 form demonstration <br> </p>

        <form action="#" method="POST">
        <table>
            <tr>
                <td> First Name </td>
                <td><input type="text" name="firstname" id="firstname"/></td>
            </tr>
            <tr>
                <td> Last Name </td>
                <td><input type="text" name="lastname" id="lastname"/></td>
            </tr>
            <tr>
                <td>Password</td>
                <td><input type="password" name="passwd" id="passwd"/></td>
            </tr>
            <tr>
                <td>Gender:</td>
                <td>
                    <input type="radio" value="male" name="gender"/>Male
                    <input type="radio" value="female" name="gender"/>Female
                </td>
            </tr>
        </table>
        <!-- Paragraph moved out of the table: a <p> is not allowed as a direct child of <table> -->
        <p>Demonstration for Radio Buttons<br/></p>
        <table>
            <tr>
                <td valign="top">Age Range</td>
                <td>
                    <input type="radio" value="0" name="age" />Age Under 18<br/>
                    <input type="radio" value="1" name="age" />Age 18+<br/>
                </td>
            </tr>
        </table>
        <br/>
        <table>
            <tr>
                <td valign="top">Hacks you'd like</td>
                <td>
                    <input type="checkbox" value="Web Application Pentest" name="webapp"/>Web Application Penetration Test<br/>
                    <input type="checkbox" value="Network Intrusion" name="networkint"/>Network Intrusion<br/>
                </td>
            </tr>
        </table>
        <p>Your selection of food items for the hack today!<br/></p>
            <!-- No nested form here: HTML forbids a form inside a form, and the stray end tag would close the outer form before the submit button -->
            <select name="food" size="3" multiple="multiple">
                <option value="continental">Continental</option>
                <option value="thai">Thai</option>
                <option value="indian">Indian</option>
                <option value="afgan">Afganisthani</option>
                <option value="chinese">Chinese</option>
                <option value="japanese">Japanese</option>
            </select>
            <br/>
        <table>
            <tr>
                <td><input type="reset"></td>
                <td><input type="submit" value="Send Information"/></td>
            </tr>
        </table> <br/>
        </form>
    </body>
</html>

That was some beautiful HTML 4.01 code; this is the least required for web development. Apart from web development, I posted this here because familiarity with web-page coding is a minimal requirement for any serious web application penetration tester. Remember, this blog is about web application penetration testing and not web development. The minimal requirements for web development are mentioned in this blog (look at its various sections). Apart from everything else, I kept the code clean by using tables for layout, which involve three elements:

1.) Table Tag
2.) Table Row
3.) Table Data

Table columns are not needed at this point because there are no columns that would be required for retrieving information from the user in this layout. However, if one prefers the web-dev approach for some reason, this could be accomplished. The point is to show how HTML 4.01 forms work and how they are used. The ‘#’ in the action attribute denotes that nothing actually processes the submission at the moment; a back-end language such as PHP, ASP, etc. would handle that. That apart, the form uses ‘POST’ as the HTTP method, or verb, for carrying the information to the URL given in the ‘action’ attribute. Below is a snippet of how the browser renders the code:

 

[Screenshot: HTML 4.01 Form]

 

This is something neat. The form demonstrates:

  • Radio Buttons
  • Check Buttons
  • POST submission
  • Table Rows
  • Reset Feature

The code should be useful for those who want to know the basics of web-page development in HTML 4.01 before taking up web application pentesting seriously. This not only assists in enumeration and in knowing what the application does but also cuts down on false positives, because we are now more precise about the application and its usage.
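
As an added example (not part of the original post): what the form above puts on the wire when submitted with POST, and the server-side check a back end should apply, since radio buttons and option lists in the page do not constrain what a client actually sends. Field names and values are taken from the form; `MAX_TEXT_LEN`, the function names and the sample submission are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Values the form on this page offers for each constrained control.
ALLOWED = {
    "gender": {"male", "female"},
    "age": {"0", "1"},
    "webapp": {"Web Application Pentest"},
    "networkint": {"Network Intrusion"},
    "food": {"continental", "thai", "indian", "afgan", "chinese", "japanese"},
}
FREE_TEXT = {"firstname", "lastname", "passwd"}  # text and password inputs
MULTI = {"food"}        # <select multiple> may repeat its name
MAX_TEXT_LEN = 100      # assumed limit, not taken from the page

# Constructed sample: one user's choices as (name, value) pairs. Unchecked
# boxes and unselected radios are absent, as in a real submission.
SAMPLE = [("firstname", "Ada"), ("lastname", "Lovelace"), ("passwd", "s3cret!"),
          ("gender", "female"), ("age", "1"), ("webapp", "Web Application Pentest"),
          ("food", "thai"), ("food", "indian")]


def browser_body(pairs):
    """Encode pairs as application/x-www-form-urlencoded, the POST default."""
    return urlencode(pairs)


def validate(body):
    """Server-side check of a raw POST body; returns (clean_fields, errors)."""
    clean, errors = {}, []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if name in FREE_TEXT:
            if len(values) != 1 or len(values[0]) > MAX_TEXT_LEN:
                errors.append(f"{name}: repeated or too long")
            else:
                clean[name] = values[0]
        elif name not in ALLOWED:
            errors.append(f"{name}: unexpected field")
        elif name not in MULTI and len(values) > 1:
            errors.append(f"{name}: repeated single-choice field")
        elif not set(values) <= ALLOWED[name]:
            errors.append(f"{name}: value not offered by the form")
        else:
            clean[name] = values if name in MULTI else values[0]
    return clean, errors


if __name__ == "__main__":
    print(browser_body(SAMPLE))
    print(validate(browser_body(SAMPLE)))
    print(validate("gender=other&age=1&nickname=x"))
```

Note that the multiple-select appears as a repeated `food=` key and the unchecked `networkint` box does not appear in the body at all.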
