During a web application assessment, you intercept a POST request generated by the login form. Among the submitted parameters is a hidden field named isAdmin=false that is never validated server-side in the visible code. What is the most appropriate next action to test whether authorization is enforced on the server rather than the client?
Run an Nmap scan against the target host to identify additional open services.
Place a reflected XSS payload into the isAdmin parameter to test for script execution.
Modify the hidden isAdmin parameter to true in the intercepted request and resend it to the server.
Inject a UNION-based SQL payload into the username field to attempt authentication bypass.
Client-side controls can often be bypassed simply by altering values before the request reaches the server. By changing the hidden field from isAdmin=false to isAdmin=true and resending the request through an intercepting proxy such as Burp Suite (Repeater) or OWASP ZAP, the tester can observe whether the server grants privileged functionality based on that value. If it does, the application relies on insecure client-side enforcement instead of checking the user's role in server-side session or account state. SQL injection, XSS, and unrelated network scanning do not directly test this authorization weakness.
Certified Ethical Hacker (CEH)
Web Application Hacking