Part 3 JS Validation Bypass Demo


This lesson demonstrates a JavaScript validation bypass. With the Mutillidae security level set to 1, the page performs JavaScript validation, and the demo shows how to get around it and insert anything desired for information such as a username, etc.


Time: 9 hours 31 minutes
Difficulty: Intermediate
CEU/CPE: 10

Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear, and this is SANS Top 25 Porous Defenses demo: JavaScript Validation Bypass.
00:17
This is the demo for JavaScript Validation Bypass.
00:21
So first of all, in Mutillidae, we want to set our security level to one, which will actually have JavaScript validation performed within the page.
00:34
So in order to see the JavaScript validation, let's go ahead and put something into our text box that violates the rules. So we'll put a tick here
00:46
and a tick here.
00:50
And as you can see, we get the message "Dangerous character detected."
00:55
Okay, so in order to get around JavaScript validation, it's quite trivial.
01:02
Uh, what we'll do is go ahead and put something in here that we know would be acceptable. Some letters.
01:10
We're going to turn our Burp Suite on,
01:14
turn Intercept on.
01:18
So now we've captured the request. We've gotten past the JavaScript validation,
01:23
and we are now able to insert anything that we like for username. So let's go ahead and put our tick.
01:32
And why not? Let's go ahead and try
01:37
SQL injection.
01:42
Okay, so this is my SQL injection statement.
01:48
I'll go ahead and forward that.
01:52
And as you can see, I am successfully logged in as admin. That's just because it's the lowest account.
01:59
So this is a quick demonstration of how it's very trivial to get past JavaScript validation,
02:07
and so because of that,
02:09
we should never rely on that in making any kind of security decisions.
Up Next
Secure Coding

In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.