Hacking OWASP Juice Shop: Part 3 - Exploiting Insufficient Server-Side Checks: Bypassing Input…


In the Name of Allah, the Most Beneficent, the Most Merciful.
All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists).

callgh0st

I hope you enjoyed Part 1 and Part 2. Here, I’m starting Part 3, which focuses on input validation vulnerabilities in OWASP Juice Shop. In this section, I’ll explore how inadequate server-side checks allow attackers to bypass frontend restrictions, including manipulating password lengths, circumventing review character limits, and spoofing review authors. These flaws highlight critical weaknesses in input handling that can be exploited to achieve unintended actions.

NOTE: I’ll add an important narrative at the end.

I tried inputting a long password via the web interface, but the signup button wouldn’t work. However, by intercepting the request and setting the password length to 448 characters (while the web interface only allows 40), I was able to sign up using a long password through Burp Suite.

Thirteenth vulnerability: Bypassing frontend password length restrictions by modifying the request payload.

In the review section, users are limited to 160 characters. However, I was able to bypass this restriction by intercepting the request through Burp Suite and submitting a review longer than 160 characters.

Fourteenth vulnerability: Bypassing frontend character limit for reviews by modifying the request payload.

I noticed a parameter called author when posting a review, which contains the email of the person making the review. By changing it to another user's email, the review is posted under that user's email.

Fifteenth vulnerability: Spoofing reviews by modifying the author parameter to another user’s email.
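All three findings come from the server accepting values that only the browser was checking. The sketch below is an added example, not code from Juice Shop or from this write-up: it contrasts a handler that trusts the request body with one that re-checks lengths on the server and takes the review author from the authenticated session. The function names, the session object and the sample requests are hypothetical; the 40 and 160 character limits are the ones the article observed in the web interface.

```javascript
// Limits the article observed in the UI, enforced again on the server.
const MAX_PASSWORD_LENGTH = 40;
const MAX_REVIEW_LENGTH = 160;

// "Before": stores whatever the request body carries (the behaviour described above).
function saveReviewTrusting(body) {
  return { ok: true, review: { author: body.author, message: body.message } };
}

// "After": validates the message server-side and ignores any client-sent author.
function saveReviewChecked(body, sessionUser) {
  if (!sessionUser || typeof sessionUser.email !== 'string') {
    return { ok: false, status: 401, error: 'not authenticated' };
  }
  const message = body ? body.message : undefined;
  if (typeof message !== 'string' || message.trim().length === 0) {
    return { ok: false, status: 400, error: 'message must be a non-empty string' };
  }
  // Count code points rather than UTF-16 units.
  if ([...message].length > MAX_REVIEW_LENGTH) {
    return { ok: false, status: 400, error: 'message too long' };
  }
  // The author comes from the session, never from the request body.
  return { ok: true, review: { author: sessionUser.email, message } };
}

// Server-side password length check; the page states no minimum, so only
// "non-empty" and the 40-character maximum are enforced here.
function checkPassword(password) {
  if (typeof password !== 'string' || password.length === 0) {
    return { ok: false, status: 400, error: 'password required' };
  }
  if ([...password].length > MAX_PASSWORD_LENGTH) {
    return { ok: false, status: 400, error: 'password too long' };
  }
  return { ok: true };
}

// Constructed requests mirroring the three findings.
const session = { email: 'alice@example.test' };
const spoofed = { author: 'bob@example.test', message: 'Nice juice' };
const tooLong = { author: 'alice@example.test', message: 'A'.repeat(161) };

console.log(saveReviewTrusting(spoofed).review.author);
console.log(saveReviewChecked(spoofed, session).review.author);
console.log(saveReviewChecked(tooLong, session).error);
console.log(checkPassword('p'.repeat(448)).error);
```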

That’s all for now. Thanks for reading! Don’t forget to drop a like. You can sign up to get the next write-up delivered straight to your inbox.

Look-up Part 1 & 2:

For any suggestions or corrections, kindly reach out to me:

Twitter — callgh0st

In the context of practicing and improving security skills, the hadith of the Prophet Muhammad (peace be upon him) teaches us that “The deeds most loved by Allah are those done regularly, even if they are small.” This principle aligns with the approach of gradually and consistently improving our skills. Just as maintaining small, regular acts of worship leads to spiritual growth, by consistently practicing and refining security techniques, even in small increments, we build a strong foundation and achieve more significant progress over time.