使用App Scripts打开表单并进行选择

时间:2013-12-05 20:55:27

标签: security google-apps-script google-form penetration-testing

简单地说,我正在测试一个Google驱动器表单,该表单将记录学校选举的投票,以确保它是安全的。

有没有办法从共享网址和列表/输入数据中打开表单?简而言之,我是否可以编写一个脚本,就像机器人一样投票并试图破坏表单?

示例网址:http://docs.google.com/forms/d/RANDOM_STRING/viewform

1 个答案:

答案 0 :(得分:6)

修改:2014年底的某段时间,Google表单服务的更改使此黑客无效。查看Is it possible to 'prefill' a google form using data from a google spreadsheet?How to prefill Google form checkboxes?以获取依赖于Form方法的解决方案。

Google表单在显示为“实时表单”时,只是一个HTML表单,包含表单的所有常规行为。您可以查看实时表单的HTML源代码,并获取有助于您模拟POST请求的信息。

HTML表格

例如,查看Spreadsheet Email Trigger中的表单。这是表单HTML,为了便于阅读而进行了清理:

<form action="https://docs.google.com/spreadsheet/formResponse?formkey=#FORMKEY#&amp;ifq"

 method="POST" id="ss-form">

  <br>
  <label class="ss-q-title" for="entry_0">First Name
    <span class="ss-required-asterisk">*</span>
  </label>
  <label class="ss-q-help" for="entry_0"></label>
  <input type="text" name="entry.0.single" value="" class="ss-q-short" id="entry_0">
  <br>
  <label class="ss-q-title" for="entry_1">No of User
    <span class="ss-required-asterisk">*</span>
  </label>
  <label class="ss-q-help" for="entry_1"></label>
  <select name="entry.1.single" id="entry_1">
    <option value="5">5</option>
    <option value="10">10</option>
    <option value="20">20</option>
    <option value="30">30</option>
  </select>
  <br>
  <label class="ss-q-title" for="entry_2">Email ID
    <span class="ss-required-asterisk">*</span>
  </label>
  <label class="ss-q-help" for="entry_2"></label>
  <input type="text" name="entry.2.single" value="" class="ss-q-short" id="entry_2">
  <br>
  <input type="hidden" name="pageNumber" value="0">
  <input type="hidden" name="backupCache" value="">


  <input type="submit" name="submit" value="Submit">
  <div class="password-warning">Never submit passwords through Google Forms.</div>
</form>

此屏幕截图中标有重要元素:

Form HTML

模拟Google表单提交的脚本

通过操作URL和字段名称,我们可以编写一个函数来编程提交表单,方法是修改the UrlFetch documentation中的示例:

// Simulate POST to form
function sendHttpPost() {

  // Copy the entire URL from <form action>
  var formAction = "https://docs.google.com/spreadsheet/formResponse?formkey=#FORMKEY#&amp;ifq";

  var payload = {
    "entry.0.single": "Nelson",            // First Name
    "entry.1.single": "10",                // No of users
    "entry.2.single": "user@example.com"   // Email ID
  };

  // Because payload is a JavaScript object, it will be interpreted as
  // an HTML form. (We do not need to specify contentType; it will
  // automatically default to either 'application/x-www-form-urlencoded'
  // or 'multipart/form-data')

  var options = {
    "method": "post",
    "payload": payload
  };

  var response = UrlFetchApp.fetch(formAction, options);
}

结果

以上是上述脚本的结果,表单响应已添加到电子表格中。

Screenshot

相关问题
最新问题