error in input_validation readme

2025-04-08 17:25:01 +02:00
parent adea3bb76a
commit dcdf07b375


@ -7,13 +7,13 @@ Yes we can, and we get a flag.
## Utility of It ## Utility of It
This allows an attacker to: This allows an attacker to:
- Submit invalid or malicious data (e.g., score > 10). - Submit invalid or malicious data (e.g., score > 10).
- Manipulate application logic (e.g., gain unfair advantage or retrieve flags). - Manipulate application logic (e.g., gain unfair advantage or retrieve flags).
- Potentially exploit further vulnerabilities if the data is used insecurely elsewhere (e.g., SQL injection, XSS). - Potentially exploit further vulnerabilities if the data is used insecurely elsewhere (e.g., SQL injection, XSS).
## How Can We Patch It ## How Can We Patch It
- Validate all input on the server side regardless of client-side checks. - Validate all input on the server side regardless of client-side checks.
- Enforce boundaries (e.g., score must be between 0 and 10) on the backend. - Enforce boundaries (e.g., score must be between 0 and 10) on the backend.
- Use a schema validation library or built-in mechanisms to reject bad data. - Use a schema validation library or built-in mechanisms to reject bad data.
- Never trust client-side data blindly — browsers can be manipulated. - Never trust client-side data blindly — browsers can be manipulated.
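Review bot: the lines shown for this hunk (@ -7,13 +7,13) read identically on both sides, so the error that the commit message "error in input_validation readme" refers to is not apparent from the visible context; a commit message that names the corrected line and what it said before would make the change reviewable on its own. On the content of the "How Can We Patch It" list, the bullet "Enforce boundaries (e.g., score must be between 0 and 10) on the backend." presupposes the submitted value has already been parsed as a number, while the "Utility of It" section warns about arbitrary invalid data; consider adding a bullet before it along the lines of "Reject values that are not integers before applying the range check" so that type validation is stated explicitly rather than left implicit in the schema-validation bullet.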