Bypass Client Side JavaScript Validation

  • Client-side validation should not be considered a secure means of validating parameters

  • These validations only save server processing time by catching honest mistakes from normal users who do not know the required input format

  • Attackers can bypass these mechanisms easily in various ways

  • Any client-side validation should be duplicated on the server side

  • This will greatly reduce the likelihood of insecure parameter values being used in the application

Solution:

There are two ways to complete this lesson…

The first is to submit a valid request like the one in the screenshot above and intercept it with WebScarab.

The second is to intercept the HTTP response when the page loads and remove the JavaScript that validates the values.
