Without even being logged in, we were able to force browse to an area of the web application that was unmapped. The term unmapped means the application itself had no direct link to this secret configuration page. However, using Burp Intruder and a wordlist containing commonly known administration file names, we were able to discover the page using the directory traversal attack.
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Getting Started with Burp Suite
- Getting to Know the Burp Suite of Tools
- Configuring, Spidering, Scanning, and Reporting with Burp
- Assessing Authentication Schemes
- Assessing Authorization Checks
- Assessing Session Management Mechanisms
- Assessing Business Logic
- Evaluating Input Validation Checks
- Attacking the Client
- Working with Burp Macros and Extensions
- Implementing Advanced Topic Attacks
- Other Books You May Enjoy
How it works...
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.