Lack of input validation

Hi Colleagues

I'm just working on a project that has a few data validations. It just reported like three fields, and these fields save the data; the rest of the fields of the project are just for querying data and reports. So I'm just being asked to search for these kinds of inputs.

So given these rules, and seeing that the project has so many findings, what should I do? I have some findings awaiting, but it's a little bit tricky to report something that the project lacks.

If there are no more inputs that store data, there is nothing you can really do about it. I understand that finding new vulnerabilities in projects that already have many is sometimes hard, but that’s the challenge.

For input validation, you could explore all related things regarding encoding:

https://www.slideshare.net/marco_morana/encoded-attacks-and-countermeasures-presentation
