OP 13 July, 2020 - 08:34 AM
(This post was last modified: 13 July, 2020 - 08:36 AM by Pentester708.)
Mostly Everything can be judged by the name itself.
But they say don't go by someone's name.
Alright, so when the authentication system of a website/web server is broken, it can lead to any user accessing any specific feature of a site which was meant to be hidden or accessible to only certain people (admins probably).
We be taking an example to elaborate the above scenario:
There is a website which is having an admin login.
Obviously there's a username/password set by the administrator to use it.
We can crack the password, try the default ones, phish it and blah blah whatever trick you got up your sleeves.
But unfortunately there's nothing else we can do if all the above fails.
Let me hop back a line.
We may try this one super easy method we be discussing about which is "Broken Authentication".
Now, inside the admin login there are certain pages an admin can access.
Suppose:
- /home.php
- /dashboard.php
- /users.php
- /add.php
- /whatever.php
Which means we can access certain of those above pages without having to log in as admin or without having admin credentials. This particular type of Broken Authentication is known as URL Rewriting.
How?
By just adding the extension at the end of the site URL.
Like: brokensite.com/add.php
or
brokensite.com/users.php
Why we are able to access them without admin login is because the site developer, although they made an admin login to access those features, forgot to block the directly accessible paths and terminate the sessions properly.
Now some live examples for y'all:
You can see by opening the link, and you'll find yourself logged in as Admin and accessing an Admin Featured Page.
But as soon as you move to some other section, you are automatically logged out and are asked the admin username/password to log in.
I am obviously not a professional, nor a hardcore Mr. Robot kinda hacker, so suggestions/modifications are always welcome.
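The server-side fix for the two gaps named in the post (admin pages reachable by direct path, sessions not terminated properly), as an added example that is not part of the original post. The file name `auth_guard.php`, the session keys `user_id` and `role`, and the `/login.php` path are assumptions for illustration.

```php
<?php
// auth_guard.php (hypothetical file name): shared guard for every admin page.
declare(strict_types=1);

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Assumed session keys, written only by the login handler after a
    // successful password check (which should also call
    // session_regenerate_id(true) to prevent session fixation).
    $isAdmin = isset($_SESSION['user_id'], $_SESSION['role'])
        && $_SESSION['role'] === 'admin';

    if (!$isAdmin) {
        header('Location: /login.php', true, 302);
        // Without exit, PHP keeps executing and the admin page body is
        // still sent to the unauthenticated client behind the redirect.
        exit;
    }
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                       // drop server-side state
    if (ini_get('session.use_cookies')) { // expire the session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // delete the session record
}

// The broken pages described above contain no check at all. Fixed,
// users.php, add.php, dashboard.php and the rest each begin with:
//   require __DIR__ . '/auth_guard.php';
//   require_admin();
```

The guard has to run on every admin script, not only the landing page, because each `.php` file is its own entry point for a direct request.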