This happened 2 years ago, when I was doing some tests on my automation script. The results of our hunting query gave us this
So, out of curiosity, I checked it immediately and TADA! It showed the admin dashboard for a split second and redirected to login immediately. So I fired up Burp to see what was happening… I saw a script in the response that would redirect me to the login page, and that's when I knew I could bypass that application logic. After that I stopped my scanner and tried to do things manually. First I reviewed the code in the source, and I was able to get certain admin paths.
Fast forward: we were able to extract juicy data and PII, and guess what!? We were also able to generate FREE!!! tickets on this and access the main page (add, edit and delete posts on their page)…
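The root cause described above, a server that returns the admin dashboard and leaves the redirect to login to a script in the response, is shown here beside a server-side check and a regression test for it. This is an added example, not code from the application in the write-up; the handler names, session shape, marker string and `/admin/posts` path are assumptions.

```javascript
// Added example: handler names, session shape and page contents are assumptions.
const ADMIN_HTML = '<h1>Admin dashboard</h1><a href="/admin/posts">Posts</a>';

// Vulnerable pattern: the server always sends the admin page and relies on a
// script in the response to send unauthenticated visitors to /login.
function adminVulnerable(req) {
  const loggedIn = Boolean(req.session && req.session.isAdmin);
  const guard = `<script>if(!${loggedIn}){location.href="/login";}</script>`;
  return { status: 200, headers: { "Content-Type": "text/html" }, body: guard + ADMIN_HTML };
}

// Hardened pattern: authorization is decided on the server before any
// protected markup is produced; the unauthenticated response has no body.
function adminHardened(req) {
  if (!(req.session && req.session.isAdmin)) {
    return { status: 302, headers: { Location: "/login" }, body: "" };
  }
  return { status: 200, headers: { "Content-Type": "text/html" }, body: ADMIN_HTML };
}

// Regression check for your own routes: an unauthenticated response must be a
// redirect or an error status and must not carry protected markup.
function leaksToAnonymous(handler, protectedMarker) {
  const res = handler({ session: null }); // constructed anonymous request
  const denied = [301, 302, 303, 307, 308, 401, 403].includes(res.status);
  const hasContent = res.body.includes(protectedMarker);
  return !denied || hasContent;
}

// Runs the check against both handlers and confirms admins are still served.
function report() {
  return {
    vulnerable: leaksToAnonymous(adminVulnerable, "Admin dashboard"),
    hardened: leaksToAnonymous(adminHardened, "Admin dashboard"),
    adminStillWorks: adminHardened({ session: { isAdmin: true } }).status === 200,
  };
}

console.log(report());
```

The same check applies to every admin route and API endpoint behind the dashboard, since each one has to enforce the session on the server itself.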