Started a New Shit Yesterday (Got a Hit That Very Moment)
It's Broken Authentication (OWASP Top 10)
I won't be going much technical into it for all the public taken into consideration
It is a way to bypass the authentication in a website without entering the username/password. As the name says, broken authentication means the authentication flow set by that website has some other way round to get in.
Example:
1. www.xyz.com/admlogin has an authentication set
2. Inside that admin login there is a page like www.xyz.com/admlogin/editdetails.aspx
3. So instead of going to /admlogin you directly went to the other URL and boom, you are inside the admin login without having to enter the username and password (that's just one basic example)
Here is the inside page URL: Just add /admin/home.php to the above URL and you are an admin with all the permissions
Note: You have the admin access to only those pages which are having broken authentication, not to all
If you traverse to any other page it might ask you the admin credentials cuz it is secured by this vulnerability
(14 November, 2019 - 03:31 AM) Pentester708 Wrote:
LEAVE A LIKE MATES THANKS
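The direct-URL bypass described in the post, seen from the server side, as an added example that is not part of the original post: a dispatcher that leaves the session check to each page next to one that denies everything under the admin prefix by default. The paths mirror the post's /admlogin illustration; the handlers, session store and function names are hypothetical.

```python
# Added example. Paths mirror the post's /admlogin illustration; the handlers,
# session store and dispatcher names are hypothetical.
import posixpath

SESSIONS = {"constructed-session-id": "admin"}  # constructed: session id -> role
LOGIN = "/admlogin"
PROTECTED_PREFIX = LOGIN + "/"

def is_admin(cookies):
    return SESSIONS.get(cookies.get("sid", "")) == "admin"

def admin_home(cookies):
    # The only inner page that checks the session itself.
    return (200, "admin home") if is_admin(cookies) else (302, LOGIN)

def edit_details(cookies):
    # Inner page with no check: it relies on users arriving through the login page.
    return (200, "edit details form")

ROUTES = {
    LOGIN: lambda cookies: (200, "login form"),
    "/admlogin/home": admin_home,
    "/admlogin/editdetails.aspx": edit_details,
}

def dispatch_vulnerable(path, cookies):
    # Authentication is left to each handler, so one forgotten check exposes a page.
    handler = ROUTES.get(path)
    return handler(cookies) if handler else (404, "not found")

def dispatch_hardened(path, cookies):
    # Normalise first so "/admlogin/./x" or "//admlogin/x" cannot dodge the prefix test.
    path = "/" + posixpath.normpath(path).lstrip("/")
    # Deny by default: everything under the admin prefix needs a valid session,
    # including unknown paths, so responses do not reveal which pages exist.
    if path.startswith(PROTECTED_PREFIX) and not is_admin(cookies):
        return (302, LOGIN)
    handler = ROUTES.get(path)
    return handler(cookies) if handler else (404, "not found")

def exposed_without_session(dispatch):
    # Regression check: admin-area routes that answer 200 to a request with no cookies.
    return sorted(p for p in ROUTES
                  if p.startswith(PROTECTED_PREFIX) and dispatch(p, {})[0] == 200)

if __name__ == "__main__":
    print("vulnerable:", exposed_without_session(dispatch_vulnerable))
    print("hardened:  ", exposed_without_session(dispatch_hardened))
```

Running `exposed_without_session` over the application's own route table in CI catches a newly added admin page that was shipped without a session check.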