Webmasters, beware of user input.

Dear webmasters, I know you’re probably aware that users can do a lot of things with the forms you let them fill in on your websites.

But in case you didn’t know, here is a really simple way to modify the HTML content of the page you’re on.
With Google Chrome, open the developer tools (F12 on Windows operating systems). Click on the “Source” tab.
Double-click on any value or code you want to change. Type whatever you want. That’s it.


Of course, it’s harmless if you only change text on the page, for example. All the modifications will be gone on the next refresh of the page.

But if you have an HTML drop-down list on a page, asking you how many items you want to create, you can just change the value of the <select><option> and click on submit.
Unless the webmaster double-checks what you entered, you will be able to create 1000 items instead of the 5, 10, 15 or 20 planned by the webmaster.
My advice: double-check, with conditions, all the values you get from users.
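
One way to write that check, as an added example that is not part of the original post: the code that receives the form compares the submitted string against the exact options the drop-down offered. The field name "quantity", the reason strings and the sample request bodies are assumptions made up for illustration.

```javascript
// Added example: allow-list check for a drop-down value, run by the code
// that receives the form. Field name "quantity" is an assumption.
const ALLOWED_QUANTITIES = new Set(["5", "10", "15", "20"]);

// Parse an application/x-www-form-urlencoded body and return either
// { ok: true, quantity: <number> } or { ok: false, reason: <string> }.
function validateQuantity(rawBody) {
  const params = new URLSearchParams(rawBody);
  const values = params.getAll("quantity");

  if (values.length === 0) {
    return { ok: false, reason: "missing" };
  }
  // A repeated field was not produced by the form as it was served.
  if (values.length > 1) {
    return { ok: false, reason: "duplicate" };
  }
  const value = values[0];
  // Compare the exact submitted string with the options the page offered.
  // This rejects "1000", "-5", "5.0", "1e1", " 5" and "" without relying
  // on lenient number parsing.
  if (!ALLOWED_QUANTITIES.has(value)) {
    return { ok: false, reason: "not-an-offered-option" };
  }
  return { ok: true, quantity: Number(value) };
}

// Constructed sample bodies: the first is what the unmodified form sends,
// the others are what an edited <option> value could send.
const samples = [
  "quantity=10&submit=Create",
  "quantity=1000&submit=Create",
  "quantity=5&quantity=1000",
  "submit=Create",
  "quantity=1e1",
];
for (const body of samples) {
  console.log(body, "->", JSON.stringify(validateQuantity(body)));
}
```

Only the first sample is accepted; every other body is rejected before any item is created.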

 

 

RockMarc

@DebuggingWorld
