Video Description

This lesson offers a demo of hidden or 'secret' URLs. Participants receive step-by-step instructions on how to discover administrative pages that developers may have created in a way that leaves them vulnerable to outside access with little effort. Using the interceptor in Burp Suite, a request is sent to Intruder, which shows the positions where variables can be substituted in to determine whether the resulting pages are admin pages. A payload is then created with different page names to see whether any of them reaches the admin PHP page.

Course Modules

Secure Coding