A Perfect example for HTML 4.01 forms.

HTML 4.01 is widely used and forms are everywhere. This isn’t HTML5, which makes things easy. Forms have long been part of the HTML specification, and after years of use they dominate day-to-day web-page creation, giving users the flexibility to submit their requests over HTTP. Here is a perfect example for demonstration:

 

 

This is a HTML form demonstration:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
    "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
    <head>
        <title> Form </title>
    </head>

    <body>
        <p> This is a HTML 4.01 form demonstration <br> </p>

        <form action="#" method="POST">
        <table>
            <tr>
                <td> First Name </td>
                <td><input type="text" name="firstname" id="firstname"/></td>
            </tr>
            <tr>
                <td> Last Name </td>
                <td><input type="text" name="lastname" id="lastname"/></td>
            </tr>
            <tr>
                <td>Password</td>
                <td><input type="password" name="passwd" id="passwd"/></td>
            </tr>
            <tr>
                <td>Gender:</td>
                <td>
                    <input type="radio" value="male" name="gender"/>Male
                    <input type="radio" value="female" name="gender"/>Female
                </td>
            </tr>
        </table>
        <!-- the paragraph sits outside the table: <p> is not allowed directly inside <table> -->
        <p>Demonstration for Radio Buttons<br/></p>
        <table>
            <tr>
                <td valign="top">Age Range</td>
                <td>
                    <input type="radio" value="0" name="age" />Age Under 18<br/>
                    <input type="radio" value="1" name="age" />Age 18+<br/>
                </td>
            </tr>
        </table>
        <br/>
        <table>
            <tr>
                <td valign="top">Hacks you'd like</td>
                <td>
                    <input type="checkbox" value="Web Application Pentest" name="webapp"/>Web Application Penetration Test<br/>
                    <input type="checkbox" value="Network Intrusion" name="networkint"/>Network Intrusion<br/>
                </td>
            </tr>
        </table>
        <p>Your selection of food items for the hack today!<br/></p>
            <!-- the select belongs to the enclosing form; forms cannot be nested -->
            <select name="food" size="3" multiple="multiple">
                <option value="continental">Continental</option>
                <option value="thai">Thai</option>
                <option value="indian">Indian</option>
                <option value="afgan">Afganisthani</option>
                <option value="chinese">Chinese</option>
                <option value="japanese">Japanese</option>
            </select>
            <br/>
        <table>
            <tr>
                <td><input type="reset"></td>
                <td><input type="submit" value="Send Information"/></td>
            </tr>
        </table> <br/>
        </form>
    </body>
</html>

That was a beautiful piece of HTML 4.01 code, and it is the least required for web development. Web development aside, I posted it here because familiarity with web-page coding is a minimal requirement for any serious web application penetration tester. Remember, this blog is about web application penetration testing, not web development. The minimal requirements for web-dev are covered in this blog (look at its various sections). Apart from everything else, I kept the code clean by laying it out with tables, which involves three elements:

1.) Table Tag
2.) Table Row
3.) Table Data

Table columns are not needed at this point because no columns are required to collect information from the user in this layout. However, if one wanted to follow the web-dev approach for some reason, this could be accomplished. The point is to show how HTML 4.01 forms work and how they are used. The ‘#’ in the action attribute denotes that nothing actually processes the submission at the moment; a back-end language such as PHP, ASP, etc. helps with that. That apart, the form uses ‘POST’ as the HTTP method, or verb, for carrying the information to the URL given in the ‘action’ attribute. Below is a snippet of how the browser renders the code:

 

HTML 4.01 Form


 

This is something neat. The form demonstrates:

  • Radio Buttons
  • Check Buttons
  • POST submission
  • Table Rows
  • Reset Feature

The code should be useful for those who want to know the basics of HTML 4.01 web-page development before taking up web application pentesting seriously. This not only assists in enumeration and in knowing what the application does, but also cuts down on false positives, because we are now more precise about the application and its usage.
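What the browser sends when the form above is submitted, as an added example (not code from the original post): it applies the HTML 4.01 rule that only named, checked or selected controls are submitted and builds the `application/x-www-form-urlencoded` POST request. The field values, the `/register` path and the `app.example` host are constructed placeholders, since the page's form posts to `#`.

```javascript
// Added example: the page's form modelled as a list of controls.
// All values below are constructed sample input.
const controls = [
  { type: "text",     name: "firstname",  value: "Ada" },
  { type: "text",     name: "lastname",   value: "Lovelace" },
  { type: "password", name: "passwd",     value: "s3cret&1" },
  { type: "radio",    name: "gender",     value: "male",   checked: false },
  { type: "radio",    name: "gender",     value: "female", checked: true },
  { type: "radio",    name: "age",        value: "0",      checked: false },
  { type: "radio",    name: "age",        value: "1",      checked: true },
  { type: "checkbox", name: "webapp",     value: "Web Application Pentest", checked: true },
  { type: "checkbox", name: "networkint", value: "Network Intrusion", checked: false },
  { type: "select",   name: "food",       selected: ["thai", "indian"] },
  { type: "reset" },
  { type: "submit",   value: "Send Information" }, // no name attribute, so never sent
];

// HTML 4.01 "successful controls": only these travel with the submission.
function successfulPairs(list) {
  const pairs = [];
  for (const c of list) {
    if (!c.name || c.disabled || c.type === "reset") continue;
    if ((c.type === "radio" || c.type === "checkbox") && !c.checked) continue;
    if (c.type === "select") {
      for (const v of c.selected) pairs.push([c.name, v]); // one pair per selected option
    } else {
      pairs.push([c.name, c.value]);
    }
  }
  return pairs;
}

// application/x-www-form-urlencoded is the default encoding for a POST form.
function encodeBody(list) {
  return new URLSearchParams(successfulPairs(list)).toString();
}

// Assemble the request as it would appear on the wire (path and host are hypothetical).
function buildRequest(path, host, list) {
  const body = encodeBody(list);
  return [`POST ${path} HTTP/1.1`, `Host: ${host}`,
    "Content-Type: application/x-www-form-urlencoded",
    `Content-Length: ${Buffer.byteLength(body)}`, "", body].join("\r\n");
}

console.log(buildRequest("/register", "app.example", controls));
```

The `passwd` value appears in the body as ordinary text: `type="password"` only masks the field on screen, so its confidentiality depends on the transport. Unchecked radios and checkboxes leave no trace in the request, and the multi-select yields one `food` pair per chosen option.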


Coding JavaScript

This is demonstration code in JavaScript.

 

<!-- JavaScript can be placed in 3 places; the head section is one of these three -->

<script type="text/javascript">// <![CDATA[
document.write("this is a <b>sample</b> javascript work file<br>"); // this is a document.write entity
document.write("this is another line from document write"); // put comments in javascript this way
document.write("<br>");
document.write("<br>");
document.write("<br>");
var operand1 = 13; // variable initialization and variable declaration combined
var operand2 = 5; // second variable initialization and declaration
document.write("The operand1 variable has a value: " + operand1);
document.write("<br>");
document.write("The operand2 variable has a value: " + operand2);
document.write("<br>");
document.write("Integer Sum of operand2 and operand1 is: " + (operand2 + operand1)); // sum of two operands
document.write("<br>");
document.write("<br>");
document.write("method_call on <br>");
document.write("<br>"); // give this a break .. we can get going from here

/*
This is a multi-lined comment, anything placed here is ignored by the browser, meant to have long comments, and meant to be working only under the context of javascript block code.
*/
/* I will declare the variables under the script */
// ]]></script>
<script type="text/javascript">// <![CDATA[
document.write("this is a <b>sample</b> javascript work file<br>"); // this is a document.write entity
document.write("this is another line from document write"); // put comments in javascript this way
// ]]></script>