Rotimi

Please help with Login Page

Rotimi

There is this Web Application I'm running a VA & PT on. During the Vulnerability assessment, I used Acunetix to scan the target. When Acunetix was listing the Site Structure, i.e. directories in the Web App, it listed the /cms directory. On accessing www.target.com/cms/ via the Mozilla browser, I was faced with an Admin login page asking for "Username and Password" to login.

Taking a closer look at Acunetix, I saw it listed the sub-directories and files in /cms i.e.

/cms/config/

/cms/addusers.php

/cms/deleteusers.php

/cms/edit_permissions.php

/cms/list_users.php

...and so on.

When I tried accessing www.target.com/cms/addusers.php, I was redirected to the login page www.target.com/cms/login.php, which appears normal 'cos obviously I wasn't logged in. But the amazing aspect is, when I clicked on the /cms/addusers.php on Acunetix, and clicked on the View page, I was given "unrestricted" access to the /cms/addusers.php without redirecting back to the login page... and eventually, I could add myself as Admin, bla bla bla.

Now my question is, is there any way I could do the same thing on Mozilla?

Rotimi

I eventually found my way around it with the NoRedirect Firefox Addon.

Download the addon and create a rule; I used: ^http?://(?:[^/]+\.)?target\.com

This stops all redirections on the domain and allows you to view the file as it is.

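The behaviour described in this thread, where the protected page's content is delivered together with the redirect to login.php, is what happens when a PHP page issues a redirect without stopping the script. The following is an added example, not part of the original posts and not code from the application discussed; the session key `admin_id`, the function names and the form fields are hypothetical.

```php
<?php
// Hypothetical auth guard for a page such as /cms/addusers.php.
// Assumed code for illustration; the real application's source is not shown
// in the thread.
session_start();

// VULNERABLE pattern: header() only queues a Location header. The script
// keeps running, so the admin form below is still rendered into the body of
// the 302 response, and any request handling still executes. A browser that
// follows the redirect hides this; a client that does not follow it sees
// the page.
function require_login_vulnerable(): void
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: /cms/login.php');
        // Missing exit: execution falls through to the protected code.
    }
}

// HARDENED pattern: terminate the script right after issuing the redirect,
// so no protected output is sent and no protected logic runs.
function require_login(): void
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: /cms/login.php', true, 302);
        exit;
    }
}

// Every protected page calls the hardened guard before doing anything else.
require_login();

// Protected content: reached only with an authenticated admin session.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="' . $self . '">';
echo '<input type="text" name="new_username">';
echo '<input type="submit" value="Add user">';
echo '</form>';
```

With the hardened guard in place, an unauthenticated request to the page returns the 302 with an empty body, which can be confirmed by inspecting the raw response without following the redirect.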
