Web application security - the fast guide 1.1 | Page 98

Chapter 5 - Attack Execution the client

An attacker might try to alter the allowed max length to enable free entry in the field.

Attack requirement:
• No server side check on the input length.

Attack process
A. Using a proxy, capture the response containing the page with the form.
B. Alter the value of max length directly as required.
C. Submit the form.

This might help to initiate a buffer overflow, SQL injection or cross-site scripting attack.

Example: In this example we will be using OWASP Mutillidae as a testing environment. In this form the maxlength attribute restricts the size of the password to 20; we will change that to be able to write a syntax that will initiate an SQL injection attack.
1- Using Burp we will capture the response for the login page.
2- Alter the maxlength attribute to be 255.
3- Edit the text in the password field to be Password’ or ‘any’=’any
4- Submit the form; if the server script receiving the form is vulnerable to SQL injection attack, we will get admin privileges.

Figure 37: the figure shows how to capture the response with Burp Suite
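The attack requirement above, seen from the server side, as an added example that is not from the book or from Mutillidae: a login check that relies on the form's maxlength and concatenates input, beside one that enforces the length on the server and binds parameters. The accounts table, its constructed sample row and the function names are assumptions for illustration.

```python
import sqlite3

MAX_PASSWORD_LEN = 20  # the same limit the form's maxlength attribute advertises

# The string from step 3 of the example, written with straight quotes (23 characters).
PAGE_INPUT = "Password' or 'any'='any"

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.execute("INSERT INTO accounts VALUES ('admin', 'adminpass')")
    return db

def login_vulnerable(db, username, password):
    # No server-side length check, and the input becomes part of the SQL text.
    query = ("SELECT username FROM accounts WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_hardened(db, username, password, max_len=MAX_PASSWORD_LEN):
    # 1. Enforce the limit on the server: maxlength in the HTML is only a hint
    #    to the browser and can be edited in the response before it renders.
    if len(password) > max_len:
        raise ValueError("password exceeds server-side length limit")
    # 2. Bind the values as parameters so quotes in the input stay data.
    row = db.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "admin", PAGE_INPUT))
    try:
        login_hardened(db, "admin", PAGE_INPUT)
    except ValueError as exc:
        print("hardened:", exc)
    # Even with the limit raised to 255, the bound query treats the input as a literal.
    print("bound, max_len=255:", login_hardened(db, "admin", PAGE_INPUT, max_len=255))
```

The length check alone is not the fix: the last call shows that parameter binding is what keeps the quoted input from changing the query, while the server-side limit restores the constraint the form only suggested.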