Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Vulnerable code?

  1. Home
  2. Forum
  3. Web hacking
  4. Vulnerable code?

ghost's Avatar

ghost

0 0

Okay, after leaving one of my favorite sonic fan forums. I got curious and started searching in the source code of some pages. In a page I found this code in this link:

http://Not_giving_site.org/index.php?act=boardrules

var q = unescape(location.search.substring(1)).split(/[=&]/);
for (var j=0; j<q.length; j+=2) {
if (q[j] == name) {
return q[j+1]```

It's javascript yes. The whole page is created in javascript. Is this code vulnerable? and is it safe to code a whole page in javascript?

Mr_Cheese's Avatar

Mr_Cheese

0 1

javascript is client side, not server side. manipulating the DOM wont be a direct root to attack a site, so in theory its reasonably safe. but it depends how your websites backend is put together.

it all depends on the situation.


ghost's Avatar

ghost

0 0

if the whole site is controlled by javascript you might make the assumption that they do alot of the validation with javascript. You could modify their code or use something like the tamperdata FF extension to try and exploit their sql database or xss the pages. just a thought.