Bypass The Admin Panel Using No Redirection
In this post I will show you how the admin panel can be bypassed using no redirection. Today almost 60% of websites are bypassable using no redirection.
- Mozilla Firefox
- No redirect Addon
- Brain 😉
What can an attacker do?
- An attacker can bypass the admin login and access the admin panel using this add-on.
- An attacker can make changes to the site.
- An attacker can shell the site.
So let's get to work.
- Download and install the no redirection add-on. If you don't have it, get it from here.
- Open the admin panel of the targeted website.
For example: http://vuln-web.com/admin/index.php
- Now we will guess the file names in the folder so that we can request a page directly. If you cannot guess them, you can spider the whole site instead.
http://vuln-web.com/admin/index.php (same login page)
http://vuln-web.com/admin/login.php (Error, Page Not Found)
http://vuln-web.com/admin/home.php (Error, Page Not Found)
http://vuln-web.com/admin/welcome.php (Error, Page Not Found)
http://vuln-web.com/admin/dashboard.php (Error, Page Not Found)
http://vuln-web.com/admin/default.php (Error, Page Not Found)
http://vuln-web.com/admin/admin.php (redirected to index page)
- http://vuln-web.com/admin/admin.php redirects to the index page, which means this file is present on the site, so now we will request this page directly.
- To request it directly I will block the redirection using no redirect, so open your No redirection add-on by pressing the 'Alt' key.
- Add the admin panel URL in the addon.
- After adding it, request the page admin.php. This time no redirection takes place because we blocked it using the no redirect add-on, so the browser shows the page content that the server sent together with the redirect.
Done. The only thing you need to do is guess the files in the admin folder. If you cannot find any page, spider or crawl the site and request the page.
Thanks for reading guys, keep sharing and practising.