Open navigation menu

Scribd

0% found this document useful (0 votes)

189 views3 pages

Unprotected Admin Functionality Lab

The document describes how a user exploited unprotected admin functionality on a website. They were able to edit the GET request to access the administrator panel where they should not have access. Once in the admin panel, the user was able to delete another user named Carlos, demonstrating the security risk of including sensitive data in GET/POST/PULL requests that can be manipulated.

Uploaded by

DODOXD Mekheimer

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

189 views3 pages

Unprotected Admin Functionality Lab

The document describes how a user exploited unprotected admin functionality on a website. They were able to edit the GET request to access the administrator panel where they should not have access. Once in the admin panel, the user was able to delete another user named Carlos, demonstrating the security risk of including sensitive data in GET/POST/PULL requests that can be manipulated.

Uploaded by

DODOXD Mekheimer

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Lab 1-Unprotected Admin Functionality

Ahmed Khaled Saad Ali ID:1809799

Screenshots:
Clicked “My Account”

Edited GET Request & Forwarding

It opens another GET Request we will replace it with “/administrator-panel” as

well and forward it
We obtained admin panel and we delete carlos

Lessons:
1. Don’t include sensitive data/info in GET/POST/PULL requests

You might also like

Bug Bounty Tips and Exploits Guide
No ratings yet
Bug Bounty Tips and Exploits Guide
28 pages
Bug Bounty Hunting Techniques
No ratings yet
Bug Bounty Hunting Techniques
23 pages
401 & 403 Bypass Techniques Guide
No ratings yet
401 & 403 Bypass Techniques Guide
9 pages
OAuth Vulnerabilities and Exploits Guide
No ratings yet
OAuth Vulnerabilities and Exploits Guide
13 pages
User Role Manipulation in Labs
No ratings yet
User Role Manipulation in Labs
7 pages
Access Control Labs Solutions Guide
No ratings yet
Access Control Labs Solutions Guide
28 pages
Account Takeover Vulnerabilities Explained
100% (1)
Account Takeover Vulnerabilities Explained
43 pages
Admin Panel Bypass Techniques Checklist
100% (2)
Admin Panel Bypass Techniques Checklist
3 pages
Techniques for Bypassing 403 Errors
No ratings yet
Techniques for Bypassing 403 Errors
9 pages
Pre-Account Takeover Vulnerabilities Guide
No ratings yet
Pre-Account Takeover Vulnerabilities Guide
7 pages
Access Control Vulnerabilities Explained
No ratings yet
Access Control Vulnerabilities Explained
22 pages
Web Application Exploitation Techniques
No ratings yet
Web Application Exploitation Techniques
40 pages
Web Hacking Techniques for Pentesters
No ratings yet
Web Hacking Techniques for Pentesters
2 pages
Disable Admin SDK API Access Guide
No ratings yet
Disable Admin SDK API Access Guide
1 page
Sharing Knowledge on OpenBullet Forums
100% (1)
Sharing Knowledge on OpenBullet Forums
10 pages
Web Application Vulnerabilities Report
No ratings yet
Web Application Vulnerabilities Report
18 pages
Open Redirect Vulnerability Guide
No ratings yet
Open Redirect Vulnerability Guide
27 pages
Bypassing Google 2FA Techniques
100% (1)
Bypassing Google 2FA Techniques
7 pages
Circumventing Referer-Based Access Control
No ratings yet
Circumventing Referer-Based Access Control
3 pages
Circumventing Method-Based Access Control
No ratings yet
Circumventing Method-Based Access Control
6 pages
Auth System with Roles in React
No ratings yet
Auth System with Roles in React
7 pages
Advanced Web Hacking Techniques Course
No ratings yet
Advanced Web Hacking Techniques Course
2 pages
Advanced Penetration Testing Techniques
No ratings yet
Advanced Penetration Testing Techniques
9 pages
Exploiting Open URL Redirects
No ratings yet
Exploiting Open URL Redirects
3 pages
Actitime Integration Scenarios PDF
No ratings yet
Actitime Integration Scenarios PDF
1 page
OAuth Vulnerabilities Overview
No ratings yet
OAuth Vulnerabilities Overview
14 pages
Authentication Bypass Techniques Guide
No ratings yet
Authentication Bypass Techniques Guide
2 pages
Wi-Fi Security: MAC Filtering Guide
No ratings yet
Wi-Fi Security: MAC Filtering Guide
2 pages
Web Vulnerabilities Overview
100% (1)
Web Vulnerabilities Overview
35 pages
No-Redirect Admin Panel Bypass Guide
No ratings yet
No-Redirect Admin Panel Bypass Guide
1 page
Lab 04 Access Control
No ratings yet
Lab 04 Access Control
2 pages
Admin Login Bypass Exploits Guide
No ratings yet
Admin Login Bypass Exploits Guide
11 pages
Google Login Flow Email Leak Exposed
No ratings yet
Google Login Flow Email Leak Exposed
3 pages
Preventing Clickjacking in React JS
No ratings yet
Preventing Clickjacking in React JS
4 pages
Ethical Hacking: Social Engineering Lab Guide
No ratings yet
Ethical Hacking: Social Engineering Lab Guide
17 pages
Broken Access Control: Risks and Mitigations
No ratings yet
Broken Access Control: Risks and Mitigations
3 pages
React.js Event Handling Guide
No ratings yet
React.js Event Handling Guide
8 pages
Unblocking Users on POF Guide
No ratings yet
Unblocking Users on POF Guide
7 pages
Apache Configuration and Security Tasks
No ratings yet
Apache Configuration and Security Tasks
16 pages
Apache Configuration and .htaccess Guide
No ratings yet
Apache Configuration and .htaccess Guide
5 pages
VAPT Report: Security Vulnerabilities Found
No ratings yet
VAPT Report: Security Vulnerabilities Found
13 pages
Unauthorized URL Redirect via HTTP Host
No ratings yet
Unauthorized URL Redirect via HTTP Host
5 pages
API5:2019 Broken Function Level Authorization
No ratings yet
API5:2019 Broken Function Level Authorization
5 pages
Bypassing 2FA and MFA Vulnerabilities
100% (2)
Bypassing 2FA and MFA Vulnerabilities
117 pages
Hacking Facebook Accounts Tutorial
No ratings yet
Hacking Facebook Accounts Tutorial
1 page
Active Directory Breaching Techniques
No ratings yet
Active Directory Breaching Techniques
21 pages
Facebook Account Recovery Methods
100% (4)
Facebook Account Recovery Methods
23 pages
Google Admin Account Security Tips
No ratings yet
Google Admin Account Security Tips
2 pages
Burp Suite Exam: Practice Lab 2
No ratings yet
Burp Suite Exam: Practice Lab 2
2 pages
Google Dorking for Cybersecurity Lab
No ratings yet
Google Dorking for Cybersecurity Lab
17 pages
OWASP Juice Shop Access Control Challenges
No ratings yet
OWASP Juice Shop Access Control Challenges
13 pages
Google Dorks for Finding Admin Panels
50% (2)
Google Dorks for Finding Admin Panels
16 pages
Basic SQL Injection for Website Hacking
No ratings yet
Basic SQL Injection for Website Hacking
3 pages
OAuth2.0 Access Control Vulnerabilities
No ratings yet
OAuth2.0 Access Control Vulnerabilities
5 pages
Authentication and Session Management Risks
No ratings yet
Authentication and Session Management Risks
28 pages
User ID Exploitation in Lab 7
No ratings yet
User ID Exploitation in Lab 7
4 pages
User ID Exploitation in Lab 9
No ratings yet
User ID Exploitation in Lab 9
4 pages
User ID Parameter Data Leakage Lab
No ratings yet
User ID Parameter Data Leakage Lab
3 pages
Unprotected Admin Access in Lab 2
No ratings yet
Unprotected Admin Access in Lab 2
2 pages
Enhancing AUTOSAR with GPU Transformers
No ratings yet
Enhancing AUTOSAR with GPU Transformers
100 pages