Well, I think I achieved this by leaving the fields blank (fields 1-7), then putting the following crap values in by typing the following into the browser:

http://localhost:8080/WebGoat/attack?field1=crap&field2=crap&field3=crap&field4=crap&field5=crap&field6=crap&field7=crap

This gave me...

Parameters from HTTP Request
field1 -> crap
field2 -> crap
field3 -> crap
field4 -> crap
field5 -> crap
field6 -> crap
field7 -> crap

* Server side validation violation: You succeeded for Field1.
* Server side validation violation: You succeeded for Field2.
* Server side validation violation: You succeeded for Field4.
* Server side validation violation: You succeeded for Field5.
* Server side validation violation: You succeeded for Field6.
* Server side validation violation: You succeeded for Field7.

I didn't get the client-side validation error (javascript found form errors: bad field1 etc.) and the fields were populated with the "crap" strings.

The hints for this lesson are as follows:
- The validation is happening in your browser.
- Try modifying the values with a proxy after they leave your browser.
- Another way is to delete the JavaScript before you view the page.

Cheers,
Vanessa

On Sep 13, 6:00 am, Ice-Man <[EMAIL PROTECTED]> wrote:
> Hi, everyone,
> Hey, 'Web Application Security Threats and Counter-measures' is a
> great lab so that we get good insight of web threats and to get protected
> about them.
> But, I couldn't even figure out how to bypass client-side JavaScript
> validation.
> Could someone please give me a tip/idea?!! :o
> Thanks a lot,
>
> Ice-Man

You received this message because you are subscribed to the Google Groups "Java EE (J2EE) Programming with Passion!" group.
To post to this group, send email to java-ee-j2ee-programming-with-passion@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/java-ee-j2ee-programming-with-passion?hl=en
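The thread shows why the browser-side check is worthless on its own: typing the URL into the address bar (or editing the request in a proxy, or deleting the script) means the JavaScript validator never runs, and whatever reaches the server is whatever the server validates. The following is an added example, not code from the thread or from WebGoat, showing the pattern a practitioner wants: the same field rules enforced again on the server, so a request that skipped the client check is still rejected. The seven regexes in FIELD_RULES are assumptions chosen for illustration (field3 is deliberately permissive so the outcome matches Vanessa's output, where Field3 was not reported); WebGoat's real rules are not reproduced here.

```javascript
// Added example (not from the thread or WebGoat). FIELD_RULES is an
// assumed rule table for illustration only.
const FIELD_RULES = {
  field1: /^[a-zA-Z]{3}$/,    // assumed: exactly three letters
  field2: /^[a-z]{3}$/,       // assumed: exactly three lower-case letters
  field3: /^[a-zA-Z0-9 ]*$/,  // assumed: permissive, so "crap" passes
  field4: /^[0-9]{3}$/,       // assumed: three digits
  field5: /^[0-9]{5}$/,       // assumed: five digits
  field6: /^[0-9]{5}$/,       // assumed: five digits
  field7: /^[a-zA-Z]{3}$/,    // assumed: exactly three letters
};

// What the page's JavaScript would do before submit. It is advisory only:
// the user can edit the URL, intercept with a proxy, or delete the script,
// and then this function simply never executes.
function clientSideValidate(fields) {
  return Object.entries(FIELD_RULES).every(([name, re]) => re.test(fields[name] ?? ""));
}

// Turn a submitted URL (e.g. one typed straight into the address bar)
// into the field values the server actually receives. Missing fields
// become empty strings rather than being skipped.
function parseQuery(url) {
  const params = new URL(url).searchParams;
  const fields = {};
  for (const name of Object.keys(FIELD_RULES)) fields[name] = params.get(name) ?? "";
  return fields;
}

// Server-side check: re-run every rule on the received values and report
// each field that fails. Never trust that the browser already did this.
function serverSideValidate(fields) {
  const violations = [];
  for (const [name, re] of Object.entries(FIELD_RULES)) {
    if (!re.test(fields[name])) violations.push(name);
  }
  return violations;
}

// A hardened handler: accept only when every server-side rule holds.
function handleRequest(url) {
  const fields = parseQuery(url);
  const violations = serverSideValidate(fields);
  return { accepted: violations.length === 0, violations, fields };
}

// Constructed inputs. The first is the request from the thread: the
// browser's JavaScript never ran, so "crap" reaches the server untouched.
const tamperedUrl =
  "http://localhost:8080/WebGoat/attack?field1=crap&field2=crap&field3=crap" +
  "&field4=crap&field5=crap&field6=crap&field7=crap";
const wellFormedUrl =
  "http://localhost:8080/WebGoat/attack?field1=abc&field2=abc&field3=123" +
  "&field4=123&field5=12345&field6=12345&field7=abc";

// Stand-alone demonstration.
console.log("client check would have said:", clientSideValidate(parseQuery(tamperedUrl)));
console.log("server verdict on tampered request:", handleRequest(tamperedUrl));
console.log("server verdict on well-formed request:", handleRequest(wellFormedUrl));
```

The point of the design is that serverSideValidate is the only check with any security value; clientSideValidate exists for user convenience and must be treated as if it had not run. In a real application the rule table would be shared between both sides so they cannot drift apart, and the server would additionally bound field lengths and encode output, which this example does not cover.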