Bypassing frontend validation on the web using Fetch

This is just an example of how you could possibly bypass certain front end validation by executing an asynchronous fetch within the developer tools console.

When trying to create a new process in Resco Cloud, there is a function called ‘AddHours’ which accepts negative numbers but due to front end validation it will only allow users to enter positive numbers only.

However I was able to find out that you can convert a recorded request within the developer tools window and convert it to a fetch. In this example I already saved the value as ‘12345’ in the process function, which then generated a request. You can then right click the request and copy it.

Once I have copied the fetch into a notepad I can then try and find the value of ‘12345’ inside of the request and update it to ‘-1’.

Once you have updated the request you can copy it back into the developer tools console which should successfully return a promise and the process should be successfully updated in the backend. This basically replicates what happens when you edit and save the process on the frontend.

I refreshed the page and the process is now saved with a -1.

Leave a Reply

Your email address will not be published. Required fields are marked *