search

Forced Browsing

hashtag
Given below is the web page of an e-commerce website with an option to login as a seller. Using the credentials mentioned, check if any of the web pages are vulnerable to forced browsing

There is a login page but login is never checked. Hence we can manually visit the sellerinfo page and see any sellers infotmation:

Without loggin in, in incognito browser, simply visit the url:

http://url/sellerinfo/seller1.php

http://url/sellerinfo/seller2.php

http://url/sellerinfo/seller3.php

Details of seller is revealed

hashtag
You do not have the credentials to the account given below. Can you look for some clue that lets you force browse into the account, without the credentials?

The screenshot shows the URL of the page after login.

We force browse that directly,

http://url/loggedin/home.php

And we see page after login as no login check is being done.

PreviousUnderstanding Forced Browsing and Session-Cookie FlawsNextCross Site Request Forgery

Last updated