Web application security - the fast guide 1.1 | Page 98
Chapter 5 - Attack Execution the client
An attacker might try to alter the allowed maximum length to enable unrestricted
entry in the field.
Attack requirement:
No server-side check on the input length.
Attack process:
A. Using a proxy, capture the response containing the page with the form.
B. Alter the value of maxlength directly as required.
C. Submit the form.
This might help to initiate a buffer overflow, SQL injection or cross-site
scripting attack.
Example:
In this example we will be using OWASP Mutillidae as a testing environment.
In this form the maxlength attribute restricts the size of the password to 20
characters. We will change that to be able to write a syntax that will initiate
an SQL injection attack.
1- Using Burp, we capture the response for the login page.
2- Alter the maxlength attribute to be 255.
3- Edit the text in the password field to be
Password' or 'any'='any
4- Submit the form. If the server script receiving the form is vulnerable to SQL
injection, we will get admin privileges.
Figure 37: Capturing the response with Burp Suite
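The server side of this scenario, as an added example that is not part of the original guide: a login check that trusts the browser's maxlength, next to one that enforces the length itself and binds the values as query parameters. Python with sqlite3 stands in for the Mutillidae login script; the table, the sample accounts and the function names are constructed for illustration.

```python
import sqlite3

MAX_PASSWORD_LEN = 20  # same limit the form's maxlength attribute advertises

def make_db():
    """Build an in-memory accounts table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [("admin", "s3cret-admin", 1), ("alice", "alicepw", 0)])
    return db

def login_vulnerable(db, username, password):
    """'Before': relies on the client-side maxlength and concatenates input into SQL."""
    sql = ("SELECT username FROM accounts WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, username, password):
    """'After': the server enforces the length and binds values as parameters."""
    # The length check removes the attack requirement named above; the bound
    # parameters are what actually stop the input being parsed as SQL.
    if len(password) > MAX_PASSWORD_LEN:
        raise ValueError("password exceeds server-side length limit")
    row = db.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    tampered = "Password' or 'any'='any"  # value from the example above, 23 characters
    print("vulnerable:", login_vulnerable(db, "admin", tampered))
    try:
        print("hardened:", login_hardened(db, "admin", tampered))
    except ValueError as exc:
        print("hardened: rejected,", exc)
```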