Hello guys, I am UJJWAL GAUTAM from Nepal. This write up is about the CSRF vulnerability that I found on an Indian website,for now, we will say redacted.com because the issue has not been resolved yet.
Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform.
In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally. For example, the email address of the victim account…
Brief about BAC
Broken access control vulnerabilities exist when a user can in fact access some resource or perform some action that they are not supposed to be able to access. (source- Portswigger website)
intitle:”index of” “/configs”
Via this method many directories of important organization websites could be accessed. Upon brute forcing different paths, sensitive information were disclosed which included credentials of the admin account, different users credentials, emails, etc.
OSI Model stands for Open Systems Interconnection Model and it is a conceptual framework that is utilized in describing the functions of a network system.
(source- Heath Adam’s Practical Ethical Hacking-The Complete Course)
The physical, data and network layer are the hardware layer/lower layer, Trasport layer is the heart of OSI model and Session, presentation and application layer are called the software/upper layer.
This writeup is about the 2FA simple bypass in PortSwigger lab. I will be adding about other lab in future. So lets begin.
So lets observe the instructions.
So as per the instruction we as an attacker have already obtained the valid username and password of the victim. Now we have to access the victim’s account page without knowing the 2FA code that would be otherwise sent to the victim’s email. Okay. Lets access the lab.
What is SSRF?
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization’s infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials. (source- https://portswigger.net/web-security/ssrf)
So lets identify SSRF in http://testphp.vulnweb.com/ lab
What is sql injection?
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior. (source- portswigger website- https://portswigger.net/web-security/sql-injection)
Lets practice on the lab. https://www.codingame.com/playgrounds/154/sql-injection-demo/sql-injection. …
This writeup might be helpful for beginners to practice and learn about LFI through http://testphp.vulnweb.com/ lab
An attacker can use Local File Inclusion (LFI) to trick the web application into exposing or running files on the web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting (XSS). Typically, LFI occurs when an application uses the path to a file as input (source: https://www.acunetix.com/blog/articles/local-file-inclusion-lfi/)
LFI = Path Traversal/Directory Traversal + Code Execution
Now, lets begin.
2. Have the request captured in your burp suite by reloading the page…
Programmer, Cybersecurity Enthusiast