Turning client-side validation on in Mutillidae and trying a sqli results in:
First I tried turning JavaScript off entirely, but that mangled the page.
Then I intercepted the page in Burp and just commented out the validation before it reached my browser.
Alternatively, just submit the form programmatically (e.g. curl, python, ...). Or save the page and edit it...
Client-side validation seems pretty worthless for security purposes.
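The defensive counterpart, as an added example that is not part of the original post or of Mutillidae's code: the server re-applies the validation rule itself and binds the value as a query parameter, so a request that never ran the browser's JavaScript gains nothing. The table, field name, allow-list pattern and sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed rule: the same allow-list the browser-side check would enforce.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db():
    """Constructed in-memory table standing in for the application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, signature TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", "hello"), ("bob", "hi there")])
    return db


def query_by_name(db, username):
    """Parameterized lookup: the value is bound as data, never spliced into SQL."""
    cur = db.execute(
        "SELECT username, signature FROM accounts WHERE username = ?",
        (username,))
    return cur.fetchall()


def lookup_user(db, form):
    """Server-side handler for a submitted form dict; returns (status, rows)."""
    username = form.get("username", "")
    # Layer 1: validate again on the server. The request may come from a
    # proxy-edited page or a script, so the browser check cannot be assumed.
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        return 400, []
    # Layer 2: even a value that passed validation is only ever bound as data.
    return 200, query_by_name(db, username)


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: one well-formed, one the client-side check would block.
    for value in ("alice", "alice' OR '1'='1"):
        print(repr(value), "->", lookup_user(db, {"username": value}))
```

Either layer alone stops the quote-bearing input here; keeping both means a mistake in the pattern does not reopen the query.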