Bypass The Admin Panel Using No Redirection

In this post I will show you how you can bypass the admin panel using no redirection. Today almost 60% of websites are bypassable using no redirection.

Pre-requisite:

  • Mozilla Firefox
  • No redirect Addon
  • Brain 😉

What can an attacker do?

  • An attacker can bypass the login and access the admin panel using this addon.
  • An attacker can make changes to the site.
  • An attacker can shell the site.

So let's get to work.

  • Download and install the no redirection addon. If you don't have it, get it from here.
  • Open the admin panel of the targeted website.

For example: http://vuln-web.com/admin/index.php

  • Now we will guess the file names in the folder so we can request a page directly. If you cannot guess them, you can spider the whole site and do the same.
http://vuln-web.com/admin/index.php        (same Login Page)
http://vuln-web.com/admin/login.php        (Error, Page Not Found)
http://vuln-web.com/admin/home.php         (Error, Page Not Found)
http://vuln-web.com/admin/welcome.php      (Error, Page Not Found)
http://vuln-web.com/admin/dashboard.php    (Error, Page Not Found)
http://vuln-web.com/admin/default.php      (Error, Page Not Found)
http://vuln-web.com/admin/admin.php        (Redirected to index page)
  • http://vuln-web.com/admin/admin.php redirects to the index page, which means this file is present on the site, so now we will request this page directly.
  • To request it directly, I will block the redirection using No redirect, so open your No redirection addon by pressing the 'Alt' key.
  • Add the admin panel URL in the addon.
 Example: http://vuln-web.com/admin/
  • After adding it, request the page admin.php. This time no redirection takes place because we blocked the redirection using the No redirect addon.

Done. The only thing you need to do is guess the files in the admin folder. If you do not find any page, spider or crawl the site and request the page.
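The bypass above only works when the protected page sends a Location header but keeps executing, so the admin HTML still travels in the body of the redirect response. The following is an added example, not code from the original post, that checks captured responses from your own site for that condition; the sample responses, the function names and the empty-body policy are assumptions.

```python
import re
from email.parser import BytesParser

# Constructed sample responses for illustration (not captured from a real site).
BEFORE_FIX = (b"HTTP/1.1 302 Found\r\n"
              b"Location: index.php\r\n"
              b"Content-Type: text/html\r\n\r\n"
              b"<html><h1>Admin dashboard</h1><a href='users.php'>Users</a></html>")
AFTER_FIX = (b"HTTP/1.1 302 Found\r\n"
             b"Location: index.php\r\n"
             b"Content-Length: 0\r\n\r\n")
LOGIN_PAGE = (b"HTTP/1.1 200 OK\r\n"
              b"Content-Type: text/html\r\n\r\n"
              b"<html><form>Login</form></html>")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    match = re.match(rb"HTTP/\d(?:\.\d)? (\d{3})", status_line)
    if match is None:
        raise ValueError("not an HTTP response")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return int(match.group(1)), headers, body


def redirect_leaks_body(raw, allowed_bytes=0):
    """True if a 3xx response with a Location header still carries a body.

    Assumed policy: a redirect away from a protected page should have an
    empty body; raise allowed_bytes if your server adds a short "moved" stub.
    """
    status, headers, body = parse_response(raw)
    is_redirect = 300 <= status < 400 and headers.get("Location") is not None
    return is_redirect and len(body.strip()) > allowed_bytes


def audit(responses):
    """Return the labels of responses that leak content behind a redirect."""
    return [label for label, raw in responses.items() if redirect_leaks_body(raw)]


if __name__ == "__main__":
    print(audit({"admin.php before fix": BEFORE_FIX,
                 "admin.php after fix": AFTER_FIX,
                 "index.php": LOGIN_PAGE}))
```

The fix belongs in the application: stop execution immediately after sending the redirect (in PHP, `exit;` right after `header('Location: ...')`), and run the session check before any admin page produces output.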

Thanks for reading guys, keep sharing and practise.

Author: Ahmed Raza Memon

I am a 17-year-old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer from India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many more...
