Bypassing Client-Side Controls

  1. Hidden Form Fields in HTML code.

  2. HTTP cookies: inspect the Set-Cookie headers in responses and note any interesting values (e.g. UID, SessionID, DiscountPrice).

  3. URL parameter pollution.

  4. Referer header: shows where the current request originated; check whether any tokens are leaked.

  5. Opaque data: encrypted data parameters. Review all the parameters when you create a new account. Some parameters may leak in other functionality of the application, so collect and track all of them. Consider the obfuscation algorithm.

  6. The ASP.NET ViewState:

  7. HTML forms: look at input field attributes, hidden input fields, and disabled elements.

  8. Script-based validation.
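
The form-related items in this checklist (hidden fields, the ViewState field, disabled elements, input attributes, script-based validation) can be inventoried from a page's HTML so that each one is matched against a server-side check. The following is an added example, not part of the original notes; the sample form, its field names, and the names `ClientControlAudit` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that only the browser enforces; the server must re-check each one.
CLIENT_ONLY_ATTRS = ("maxlength", "pattern", "required", "readonly", "min", "max")

class ClientControlAudit(HTMLParser):
    """Collect form inputs whose value or constraint lives only in the client."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (category, field or form action, detail)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # valueless attributes such as `disabled` map to None
        if tag == "form" and a.get("onsubmit"):
            self.findings.append(("script-validation", a.get("action") or "", a["onsubmit"]))
        if tag not in ("input", "select", "textarea"):
            return
        name = a.get("name") or ""
        if (a.get("type") or "").lower() == "hidden":
            kind = "viewstate" if name == "__VIEWSTATE" else "hidden-field"
            self.findings.append((kind, name, a.get("value") or ""))
        if "disabled" in a:
            self.findings.append(("disabled-element", name, a.get("value") or ""))
        for attr in CLIENT_ONLY_ATTRS:
            if attr in a:
                self.findings.append(("client-constraint", name, f"{attr}={a[attr] or ''}"))

def audit(html):
    """Return every client-side control found in the given HTML, in page order."""
    parser = ClientControlAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real application.
SAMPLE = """
<form action="/order" method="post" onsubmit="return validateForm(this)">
  <input type="hidden" name="__VIEWSTATE" value="PLACEHOLDER">
  <input type="hidden" name="price" value="449">
  <input type="text" name="quantity" maxlength="1">
  <input type="text" name="discount" value="0" disabled>
  <input type="submit" value="Buy">
</form>
"""

if __name__ == "__main__":
    for category, name, detail in audit(SAMPLE):
        print(f"{category:18} {name:12} {detail}")
```

Each finding is a value or rule the browser holds on the server's behalf, so the server-side handler for that form needs its own check for it.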
