Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share

0 votes
2.5k views
in Technique[技术] by (71.8m points)

security - Use App Scripts to open form and make a selection

To put this briefly, I am testing a Google Drive form that will record votes for a school election to ensure that it is secure.

Is there a way to open a form from the shared URL and list/input data? In short, can I write a script to act like a bot that will vote and try to crash the form?

Sample URL: http://docs.google.com/forms/d/RANDOM_STRING/viewform


1 Answer

0 votes
by (71.8m points)

Edit: Some time around the end of 2014 a change in the Google Forms service invalidated this hack. Look at "Is it possible to 'prefill' a google form using data from a google spreadsheet?" and "How to prefill Google form checkboxes?" for a solution that relies on the Form methods.


A Google Form, when shown as a "live form", is just an HTML Form, with all the regular behaviors of a form. You can view the HTML source of a live form, and get the information that will help you simulate POST requests.

HTML Form

For example, look at the form from Spreadsheet Email Trigger. Here is the form HTML, cleaned up for readability:

<form action="https://docs.google.com/spreadsheet/formResponse?formkey=#FORMKEY#&amp;ifq"
      method="POST" id="ss-form">
  <br>
  <label class="ss-q-title" for="entry_0">First Name
    <span class="ss-required-asterisk">*</span>
  </label>
  <label class="ss-q-help" for="entry_0"></label>
  <input type="text" name="entry.0.single" value="" class="ss-q-short" id="entry_0">
  <br>
  <label class="ss-q-title" for="entry_1">No of User
    <span class="ss-required-asterisk">*</span>
  </label>
  <label class="ss-q-help" for="entry_1"></label>
  <select name="entry.1.single" id="entry_1">
    <option value="5">5</option>
    <option value="10">10</option>
    <option value="20">20</option>
    <option value="30">30</option>
  </select>
  <br>
  <label class="ss-q-title" for="entry_2">Email ID
    <span class="ss-required-asterisk">*</span>
  </label>
  <label class="ss-q-help" for="entry_2"></label>
  <input type="text" name="entry.2.single" value="" class="ss-q-short" id="entry_2">
  <br>
  <input type="hidden" name="pageNumber" value="0">
  <input type="hidden" name="backupCache" value="">


  <input type="submit" name="submit" value="Submit">
  <div class="password-warning">Never submit passwords through Google Forms.</div>
</form>

Important elements are marked in this screenshot:

[Screenshot: Form HTML]

Script to simulate a Google Form submission

Armed with the action URL and field names, we can code a function to programmatically submit a form, by modifying the example from the UrlFetch documentation:

// Simulate POST to form
function sendHttpPost() {

  // Copy the entire URL from <form action>, decoding HTML entities
  // (the "&amp;" in the page source is a plain "&" in the actual URL)
  var formAction = "https://docs.google.com/spreadsheet/formResponse?formkey=#FORMKEY#&ifq";

  var payload = {
    "entry.0.single": "Nelson",            // First Name
    "entry.1.single": "10",                // No of users
    "entry.2.single": "user@example.com"   // Email ID (placeholder address)
  };

  // Because payload is a JavaScript object, it will be interpreted as
  // an HTML form. (We do not need to specify contentType; it will
  // automatically default to either 'application/x-www-form-urlencoded'
  // or 'multipart/form-data')

  var options = {
    "method": "post",
    "payload": payload
  };

  var response = UrlFetchApp.fetch(formAction, options);

  // Record the HTTP status so the outcome of the POST is visible in the log
  Logger.log(response.getResponseCode());
}

Result

Here's the result of the above script: a form response has been added to the spreadsheet.

[Screenshot]
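
Because a scripted POST never passes through the browser's form controls, whoever owns the response data has to check it against the form themselves. The following is an added example, not part of the original answer: plain JavaScript that derives the field contract from a trimmed, constructed copy of the form markup above and audits one submitted payload against it. The names `fieldContract` and `auditSubmission` are hypothetical, and treating every `entry.*` field as required is an assumption based on the asterisks in that markup.

```javascript
// Constructed input: trimmed copy of the form markup from the answer above.
const FORM_HTML = `
<form action="https://docs.google.com/spreadsheet/formResponse?formkey=#FORMKEY#&amp;ifq" method="POST">
  <input type="text" name="entry.0.single" value="" id="entry_0">
  <select name="entry.1.single" id="entry_1">
    <option value="5">5</option> <option value="10">10</option>
    <option value="20">20</option> <option value="30">30</option>
  </select>
  <input type="text" name="entry.2.single" value="" id="entry_2">
  <input type="hidden" name="pageNumber" value="0">
  <input type="hidden" name="backupCache" value="">
  <input type="submit" name="submit" value="Submit">
</form>`;

// Map each field name to null (free text) or the Set of values its <select> offers.
function fieldContract(html) {
  const contract = new Map();
  for (const m of html.matchAll(/<input\b[^>]*\bname="([^"]+)"/g)) contract.set(m[1], null);
  const selects = /<select\b[^>]*\bname="([^"]+)"[^>]*>([\s\S]*?)<\/select>/g;
  for (const m of html.matchAll(selects)) {
    const values = [...m[2].matchAll(/<option\b[^>]*\bvalue="([^"]*)"/g)].map(o => o[1]);
    contract.set(m[1], new Set(values));
  }
  return contract;
}

// Return the problems found in one submitted payload; an empty array means
// the payload is consistent with what the form's UI could have produced.
function auditSubmission(contract, payload) {
  const problems = [];
  for (const [name, value] of Object.entries(payload)) {
    const allowed = contract.get(name);
    if (!contract.has(name)) problems.push(`unknown field: ${name}`);
    else if (allowed && !allowed.has(String(value)))
      problems.push(`value not offered by form: ${name}=${value}`);
  }
  // Assumption: every entry.* question is required (all three carry the asterisk).
  for (const name of contract.keys()) {
    if (name.startsWith("entry.") && !String(payload[name] ?? "").trim())
      problems.push(`required field empty: ${name}`);
  }
  return problems;
}

const contract = fieldContract(FORM_HTML);
console.log(auditSubmission(contract, { "entry.0.single": "Nelson", "entry.1.single": "7" }));
```

Whether the form service itself rejects such payloads is not stated on this page, so the audit is meant to run over the recorded responses.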

