While reading The Web Application Hacker’s Handbook , I tried to make a small

Question

0

Asked: June 1, 20262026-06-01T03:18:05+00:00 2026-06-01T03:18:05+00:00

While reading The Web Application Hacker’s Handbook , I tried to make a small

0

While reading The Web Application Hacker’s Handbook, I tried to make a small test on my own website (ASP.NET MVC3).

I have a model which it contains two fields, the first field is a disabled dropdownlist.
The second is an enabled text field.
The first field is disabled from the View.chtml and added
new {disabled="disabled"} as a paratemer.

Here is what happened to me, I ran Burp Suite tool as a proxy and trapped the response.
In the response, I removed the disabled="disabled"attribute from HTML, then forwarded the response to the browser. Oviuosly, the page now has two enabled fields.

The question is how to prevent tampering fields using tools such as Burp Suite?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T03:18:06+00:00

Editorial Team

2026-06-01T03:18:06+00:00Added an answer on June 1, 2026 at 3:18 am

You can’t. For that matter you can’t be sure that a post back you receive in your controller is the result from your view in a browser. Just posting whatever you want using some script is easy and something hackers frequently do.

The bottom line is. Never trust input and always validate it is permissible.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

While reading The Web Application Hacker’s Handbook , I tried to make a small

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply