1 of 1

NodeJS - Client Side Restriction Bypass

Running the app on Docker

Now that the app is running let's go hacking!

Reconnaissance

The app allows us to select a number between 3 and 13 from the number input form. Let's also try typing numbers outside that interval directly into the field.

Exploitation

We could intercept and modify the request on Burp:

Or alternatively, use devtools to modify the client-side restrictions directly:

And goal achieved! We could bypass the client-side restrictions.

Additional sources

NodeJS - Client Side Restriction Bypass

Running the app on Docker

$ sudo docker pull blabla1337/owasp-skf-lab:js-client-side-restriction-bypass

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:js-client-side-restriction-bypass

Now that the app is running let's go hacking!

Reconnaissance

The app allows us to select a number between 3 and 13 from the number input form. Let's also try typing numbers outside that interval directly into the field.

Exploitation

We could intercept and modify the request on Burp:

Or alternatively, use devtools to modify the client-side restrictions directly:

And goal achieved! We could bypass the client-side restrictions.

Additional sources

$ sudo docker pull blabla1337/owasp-skf-lab:js-client-side-restriction-bypass

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:js-client-side-restriction-bypass

NodeJS - Client Side Restriction Bypass

hashtagRunning the app on Docker

hashtagReconnaissance

hashtagExploitation

hashtagAdditional sources

NodeJS - Client Side Restriction Bypass

hashtagRunning the app on Docker

hashtagReconnaissance

hashtagExploitation

hashtagAdditional sources

Running the app on Docker

Reconnaissance

Exploitation

Additional sources

Running the app on Docker

Reconnaissance

Exploitation

Additional sources