Mutillidae - Client-side Control Challenge

In this walkthrough, we will be going through the Client-side Control Challenge vulnerability section from Mutillidae Labs. We will be exploring and exploiting client-side control in form fields and learning how applications are affected by it. So, let’s get started with the hacking without any delay.

Client-side Control Challenge

Security Level: 0 (Hosed)

  • Setting the security level to 0 or Hosed.

Security level 0

Form Fields

1. Text Box

Text Box

Source code

Client side changes done

2. Read-only text box

Read-only Text Box

Source code

Client side changes done

Read-only Text Box

3. Short Text Box

Short Text Box

Source code

Client side changes done

Short Text Box

4. Disabled Text box

Disabled Text Box

Source code

Client side changes done

Disabled Text Box

5. Hidden Text box

Hidden Text Box

Source code

Client side changes done

Hidden Text Box

6. Secured by JavaScript Text Box

Secured by JavaScript Text Box

Source code

Client side changes done

Secured by JavaScript Text Box

7. Vanishing Text box

Vanishing Text Box

Source code

Client side changes done

Vanishing Text Box

8. Shy Text Box

Shy Text Box

9. Search Textbox

Search Textbox

Source code

Client side changes done

Search Textbox

10. Password

Password

11. Drop-down Box

Drop-down Box

Source code

Client side changes done

Drop-down box

12. Checkbox

Checkbox

Source code

Client side changes done

Checkbox

13. Radio Button

Radio Button

Source code

Client side changes done

Radio Button

14. Email Control

Email Control

Source code

Source code

Client side changes done

Email Control

15. Number

Number

Source code

Client side changes done

16. Range

Range

Source code

Client side changes done

Range

Conclusion:

So, we finally completed all the security levels for the Client-side Control Challenge vulnerability. We looked at the various ways the application has been set up at the various levels and how we can bypass the security controls implemented. Next, we can mitigate potential client-side control attacks by processing data more on the server side and not giving the user the ability to interfere with the application’s logic by manipulating data on the client side. On that note, I will take your leave and will meet you in the next one with another Mutillidae vulnerability writeup. Till then, “Keep Hacking”.
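
The server-side processing recommended above, as an added example (not code from the original post or from Mutillidae): a Node.js validator that re-checks on the server the constraints the challenge's form controls express only in the browser. All field names, limits and allowed values are hypothetical.

```javascript
'use strict';
// Hypothetical field names, limits and allowed values (not Mutillidae's own).
// Each rule restates on the server a constraint the browser control only suggests.
const RULES = {
  shortText:    { maxLength: 3 },                      // <input maxlength>
  readonlyText: { fixed: true },                       // <input readonly>
  hiddenText:   { fixed: true },                       // <input type=hidden>
  disabledText: { absent: true },                      // disabled controls are never sent
  dropdown:     { allowed: ['one', 'two', 'three'] },  // <select>
  radio:        { allowed: ['1', '2'] },               // <input type=radio>
  email:        { pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/, maxLength: 254 },
  number:       { int: true, min: 0, max: 999 },       // <input type=number>
  range:        { int: true, min: 0, max: 10 },        // <input type=range>
};

// body: parsed form fields (strings); serverState: values the server itself issued.
function validateSubmission(body, serverState) {
  const errors = [];
  for (const name of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, name)) errors.push(`${name}: unexpected field`);
  }
  for (const [name, rule] of Object.entries(RULES)) {
    const value = body[name];
    if (rule.absent) {
      if (value !== undefined) errors.push(`${name}: must not be submitted`);
      continue;
    }
    if (typeof value !== 'string') { errors.push(`${name}: missing or not a string`); continue; }
    if (rule.fixed && value !== serverState[name]) errors.push(`${name}: differs from server value`);
    if (rule.maxLength !== undefined && value.length > rule.maxLength) errors.push(`${name}: too long`);
    if (rule.allowed && !rule.allowed.includes(value)) errors.push(`${name}: not an allowed option`);
    if (rule.pattern && !rule.pattern.test(value)) errors.push(`${name}: bad format`);
    if (rule.int) {
      const n = /^-?\d+$/.test(value) ? Number(value) : NaN;
      if (!(n >= rule.min && n <= rule.max)) errors.push(`${name}: out of range`);
    }
  }
  return errors;
}

// Constructed sample inputs: one unmodified submission, one edited in the browser.
const serverState = { readonlyText: '42', hiddenText: 'token-abc' };
const honest = { shortText: 'abc', readonlyText: '42', hiddenText: 'token-abc',
  dropdown: 'two', radio: '1', email: 'user@example.com', number: '7', range: '5' };
const tampered = { ...honest, shortText: 'abcdef', readonlyText: '43', disabledText: 'x',
  dropdown: 'four', email: 'not-an-email', range: '11', extra: '1' };

console.log(validateSubmission(honest, serverState));
console.log(validateSubmission(tampered, serverState));
```

Read-only and hidden values are compared against what the server issued rather than trusted from the request, so editing the page source changes nothing the server accepts.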
