🔏
roguebook
  • group
    • Web
      • Concepts
      • OAuth 2.0
      • File upload
      • API testing
      • Web Cache Decpetion
      • CORS
      • CSRF
      • Cross site web socket hijacking
      • XS-Leaks
    • Bug Bounty
      • Recon
        • Dorking
          • SSL Checker
        • Wordlists
          • Twitter wordlist suggestions
      • Tips & Tricks
        • Combined
        • CSP Bypasses & open redirect
        • 403 Bypass
        • Arrays in JSON
        • Open Redirect
        • Next.js Application
        • Locla File Read
        • External Link
        • xss bypass
        • CSRF cors bypass
        • ssrf
      • Talks/Interviews/Podcasts
        • Bug Bounty Talks
        • Podcasts
          • Critical Thinking - Bug Bounty Podcast
            • Learning
      • Tools
    • Android
      • Getting Started
      • Intent Attack Surface
      • Broadcast Receivers
      • Android Permissions
      • Android Services
      • Content and FileProvider
      • WebView & CustomTabs
      • Insecure Storage
      • Tips & Tricks
    • Thick Client
      • Lab Setup
      • Information Gathering
      • Traffic analysis
      • Insecure Data storage
      • Input validation
      • DLL hijacking
      • Forensics
      • Extra resources
    • OSINT
      • OpSec
    • Malware Analysis
      • Lab Setup
      • Networking
      • Tools
      • Malware source
      • Basic Static Analysis
      • Basic Dynamic Analysis
      • Advanced Analysis
      • Advanced Static Analysis
      • Advanced Dynamic Analysis
      • Malicious Document Analysis
      • Shellcode Analysis
    • Malware Development
    • Blue Team
      • Tools
      • Malware Analysis
        • Basic Static Analysis
    • Assembly
      • Instructions
    • Binary Exploitation
    • Infographics
    • Malware Analysis
    • Threat Modeling
Powered by GitBook
On this page
  1. group
  2. Thick Client

Input validation

User input can be dangerous.

PreviousInsecure Data storageNextDLL hijacking

Last updated 2 years ago

It is very common that application doesn't sanitize the user input before processing which leads to many types of attacks.

In case of DVTA:

  1. SQL injection leading to authentication bypass.

  2. CSV injection.

Check article for more detail explanation.

Whenever you get a chance to intercat with the application always pay close attention to inout fields you never know how and where these inputs will be used. You can totally bring your web hacking knowledge in place in this case.

You can check for various Injection attacks like SQL, nosql, command, XSS etc.

this