Client-side-restriction-bypass.md
Client Side Restriction Bypass

Running the app on Docker

$ sudo docker pull blabla1337/owasp-skf-lab:java-client-side-restriction-bypass
$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:java-client-side-restriction-bypass

{% hint style="success" %} Now that the app is running let's go hacking! {% endhint %}

Reconnaissance

The app allows us to select a number between 3 and 13 from the number input form. Let's also try typing numbers outside that interval directly into the field.

Exploitation

We could intercept and modify the request in Burp:

Or alternatively, use devtools to modify the client-side restrictions directly:

And goal achieved! We bypassed the client-side restrictions.
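The reconnaissance and exploitation steps above show why the `min`/`max` attributes on the number input are not a security control: anything the browser enforces can be changed in a proxy or in devtools. The fix is to validate the submitted value again on the server. The following is an added example written for this page, not code from the SKF lab or its Java application; the form markup, the field name `number`, the status codes and the `handle_request` helper are constructed assumptions that stand in for the lab's real endpoint.

```python
"""Server-side mirror of a client-side numeric range restriction.

Added example (not part of the original SKF lab). The form below is a
constructed stand-in for the lab's number input, which limits the user to
3..13 in the browser only. The server must enforce the same range itself,
on the raw string it actually receives.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed form markup: the restriction the browser enforces.
# A proxy or devtools can change or drop min/max, so it is not a control.
NUMBER_FORM_HTML = """
<form method="post" action="/pick">
  <input type="number" name="number" min="3" max="13" required>
  <button type="submit">Submit</button>
</form>
"""

MIN_NUMBER = 3
MAX_NUMBER = 13

# Positive pattern: an optional minus sign followed by ASCII digits only.
# re.ASCII keeps \d from matching other Unicode digit scripts.
_INTEGER_RE = re.compile(r"^-?\d+$", re.ASCII)


@dataclass(frozen=True)
class ValidationResult:
    ok: bool
    value: Optional[int]
    error: Optional[str]


def validate_number(raw: Optional[str]) -> ValidationResult:
    """Validate the 'number' form field as the server receives it: a string.

    The value must be an integer written in ASCII digits and must fall inside
    [MIN_NUMBER, MAX_NUMBER]. Everything else is rejected, regardless of what
    the browser-side form would or would not have allowed.
    """
    if raw is None:
        return ValidationResult(False, None, "missing parameter 'number'")
    text = raw.strip()
    # Check the shape before calling int(): int() alone would also accept
    # inputs such as '1_0' or non-ASCII digits that we do not want.
    if not _INTEGER_RE.fullmatch(text):
        return ValidationResult(False, None, "not an integer")
    value = int(text)
    if not MIN_NUMBER <= value <= MAX_NUMBER:
        return ValidationResult(
            False, None, f"out of range ({MIN_NUMBER}-{MAX_NUMBER})"
        )
    return ValidationResult(True, value, None)


def handle_request(form: Dict[str, str]) -> Tuple[int, str]:
    """Minimal request handler (hypothetical): returns HTTP status and body."""
    result = validate_number(form.get("number"))
    if not result.ok:
        # A conforming browser cannot submit an out-of-range value for this
        # form, so a rejection here is also a useful tamper signal to log.
        return 400, f"Rejected: {result.error}"
    return 200, f"You picked {result.value}"


if __name__ == "__main__":
    # Constructed submissions: the first is what the unmodified form sends,
    # the rest are the kinds of values a proxy or devtools edit can produce.
    samples = [
        ("browser form", {"number": "7"}),
        ("proxy edit", {"number": "99"}),
        ("proxy edit", {"number": "2"}),
        ("devtools edit", {"number": "-5"}),
        ("devtools edit", {"number": "abc"}),
        ("devtools edit", {"number": "7.5"}),
        ("missing field", {}),
    ]
    for label, form in samples:
        status, body = handle_request(form)
        print(f"{label:14} {form!s:18} -> {status} {body}")
```

The validation is positive (an allow-list of what a valid value looks like) rather than a deny-list of known bad inputs, which is the approach the OWASP Proactive Controls entry linked below recommends; the same check belongs in the lab's Java handler, not only in the HTML.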

Additional sources

{% embed url="https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs" %}