Bricks Documentation

Login page #2

  • Login page with client side validation.
  • Special characters are not allowed in user name and password field.

Credentials for logging in normally
User name Password
admin admin
tom tom
ron ron

SQL injection by bypassing the client side security.

When a user enters a user name and password, it is first validated using a client side security mechanism before sending it to the server. Thus, code injection attempts are filtered right from the beginning.

In order to bypass this security mechanism, SQL code has to be injected on to the input fields. However a security mechanism employed on the web page restricts from putting any special characters on the input. One of the easiest method bypass this security mechanism is to craft the POST requests, bypassing the client side security. This can be done using Mantra (Hackbar, Tamper Data, Live HTTP Headers, Chickenfoot etc.) or some man in the middle proxy like ZAP.