Part 3 JS Validation Bypass Demo

Video Activity

This lesson demonstrates a JavaScript validation bypass. With the security level in Mutillidae set to 1, coders can get around the JavaScript validation and insert anything desired for fields such as the username, etc.
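The lesson's conclusion, as an added example rather than code from the course or from Mutillidae: a server-side login handler that re-checks the username and binds it as a query parameter, so a request edited after the browser's JavaScript check gains nothing. The table layout, the username policy and the sample account are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Assumed server-side username policy (hypothetical, not Mutillidae's rule).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    """Constructed in-memory account table with one sample user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO accounts VALUES (?, ?, ?)",
               ("admin", salt, _hash("constructed-passphrase", salt)))
    return db


def login(db: sqlite3.Connection, username, password) -> str:
    """Return 'rejected', 'denied' or 'ok' for one login request."""
    # 1. Re-validate on the server. The request may come from an intercepting
    #    proxy or a script, so the page's JavaScript check proves nothing.
    if not isinstance(username, str) or not isinstance(password, str):
        return "rejected"
    if not USERNAME_RE.fullmatch(username):
        return "rejected"
    # 2. Bind the value as a parameter: it is compared as data and never
    #    becomes part of the SQL text, even if step 1 is later loosened.
    row = db.execute("SELECT salt, pw_hash FROM accounts WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return "denied"
    salt, pw_hash = row
    # 3. The password is only hashed, so a tick in it is harmless.
    return "ok" if hmac.compare_digest(_hash(password, salt), pw_hash) else "denied"


if __name__ == "__main__":
    db = make_db()
    print(login(db, "admin", "constructed-passphrase"))
    print(login(db, "admin'", "x"))
    print(login(db, "admin", "it's wrong"))
```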


MicroCourse
Time: 9 hours 31 minutes
Difficulty: Beginner
CEU/CPE: 3

Video Transcription
00:04
Hello and welcome to the side. Very secure coding. Course my name Miss anywhere in this season's top 25 Porous defenses. Demo: JavaScript Validation Bypass.
00:17
This is the demo for JavaScript validation bypass.
00:21
So first of all, in Mutillidae, we want to set our security level to one, which will actually have JavaScript validation performed within the page.
00:34
So in order to see the JavaScript validation, let's go ahead and put something into our text box that violates the rules. So we'll put a tick here
00:46
and take care.
00:50
And as you can see, we get the message. Dangerous character detected.
00:55
Okay, so in order to get around JavaScript validation, it's quite trivial.
01:02
Uh, what we'll do is go ahead and put something in here that we know would be acceptable. Some letters.
01:10
We're going to turn our Burp Suite on,
01:14
turn our intercept on.
01:18
So now we've captured the request. We've gotten past the JavaScript validation,
01:23
and we are now able to insert anything that we like for user name. So let's go ahead and put our tick.
01:32
And why not? Let's go ahead and try
01:37
SQL injection.
01:42
Okay, so this is my SQL injection statement.
01:48
I'll go ahead and forward that.
01:52
And as you can see, I am successfully logged in as admin. That's just because it's the lowest account.
01:59
So this is a quick demonstration of how it's very trivial to get past JavaScript validation,
02:07
and so because of that,
02:09
we should never rely on that in making any kind of security decisions.