GCIH · Question #550
How could an attacker bypass client-side filtering of user input?
The correct answer is A. By using a web proxy tool. Note that the attacker may have to bypass any client-side filtering of the characters. For example, a lot of Web applications use JavaScript in the browser to filter out different characters that they do not want to be sent in to the application. It is very easy for an attacker t
Question
How could an attacker bypass client-side filtering of user input?
Options
- ABy using a web proxy tool
- BBy disabling unsigned Active X controls in Internet Explorer
- CBy cracking SSL keys
- DBy breaking into the web server and disabling filtering
How the community answered
(35 responses)- A71% (25)
- B3% (1)
- C17% (6)
- D9% (3)
Explanation
Note that the attacker may have to bypass any client-side filtering of the characters. For example, a lot of Web applications use JavaScript in the browser to filter out different characters that they do not want to be sent in to the application. It is very easy for an attacker to get around this. They could use a customized browser or they could use a web proxy tool.
Topics
Community Discussion
No community discussion yet for this question.