Ethical Hacking
  • Introduction to Information Security
    • What is Hacking?
    • Type of Hacking
    • Exercise
    • Uses of Proxy Servers
    • Summary Proxy & VPN
    • Summary
  • Gathering Information About Websites
    • Gathering Information
    • Gathering Targeted Information
  • Google Droks
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
    • Web Servers
    • Web Server Architecture
    • Web Server Architecture Combinations
  • VA & PT
    • OWASP
    • SQL Injection
    • Advanced SQL Injections
    • Burp Suit
      • Client Side Validation Burp Suite Bypass
      • Client Side Validation Burp Suite Bypass
      • GET Based IDOR in URL
      • Post Based IDOR Variant
      • GET Based IDOR in URL
      • Post Based IDOR in URL
      • Download based
  • Arbitrary File Upload Vulnerabilities
    • Server Side Attack
    • Server Side Attack
    • Client Side Attack
  • Understanding Response Headers
    • Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
    • Temporary XSS
  • Understanding Forced Browsing and Session-Cookie Flaws
    • Forced Browsing
    • Cross Site Request Forgery
    • Open Redirection
  • Dictionary Based Brute Force Attacks
    • Dictionary Based Bruteforcing
    • Logical Bruteforcing
    • PII Leakage Variant
  • Identifying Security is configurations and Exploiting Outdated Web Applications
    • Information Disclosure via Descriptive Messages
    • Default Debug Pages
    • How to guess password for a standard login page
    • Default/Weak Password in Custom CMS
    • Fingerprinting Components with Known Vulnerabilities
    • Finding Exploits for Components with Known Vulnerabilities
    • Default/Weak Password in Public Software
    • Vulnerable Components Installed
    • Vulnerable Components Installed 2
    • Vulnerable Components Installed 3
  • Scanning for Bugs in WordPress and Drupal
    • What is CMS?
    • Variant 1
    • Vulnerable CMS
    • How to Scan Drupal CMS for Known Vulnerabilities?
    • Joomla CMS
  • Automating VAPT and Secure Code Development
    • information gathering
    • Nmap Scans
    • Automating VAPT:
  • POC
    • Recommendations for Documenting a Vulnerability
    • PoC
    • Types of Reports
    • Recommendations for OWASP Top 10 Vulnerabilities
    • Components of a VAPT Report
    • Vulnerability Information (for each vulnerability)
    • Bad Practices to Avoid While Writing a Report
Powered by GitBook
On this page
  • Given below is the web page of an e-commerce website with an option to login as a seller. Using the credentials mentioned, check if any of the web pages are vulnerable to forced browsing
  • You do not have the credentials to the account given below. Can you look for some clue that lets you force browse into the account, without the credentials?
  1. Understanding Forced Browsing and Session-Cookie Flaws

Forced Browsing

PreviousUnderstanding Forced Browsing and Session-Cookie FlawsNextCross Site Request Forgery

Last updated 1 year ago

Given below is the web page of an e-commerce website with an option to login as a seller. Using the credentials mentioned, check if any of the web pages are vulnerable to forced browsing

There is a login page but login is never checked. Hence we can manually visit the sellerinfo page and see any sellers infotmation:

Without loggin in, in incognito browser, simply visit the url:

http://url/sellerinfo/seller1.php

http://url/sellerinfo/seller2.php

http://url/sellerinfo/seller3.php

Details of seller is revealed

You do not have the credentials to the account given below. Can you look for some clue that lets you force browse into the account, without the credentials?

The screenshot shows the URL of the page after login.

We force browse that directly,

http://url/loggedin/home.php

And we see page after login as no login check is being done.