Part 7 Lab Solutions

Video Activity

This lesson offers a solution to the lab of Web Goat: Insecure Configuration forced browsing. The goal was to guess to URL for the user interface and this shows participants how to make the config page appear via transversal and using a variety of commands to discover how to find the administrative interface without force.

Join over 3 million cybersecurity professionals advancing their career

Sign up with

or

View all SSO options

Already have an account? Sign In »

Course

Time

9 hours 31 minutes

Difficulty

Intermediate

CEU/CPE

10

Video Description

This lesson offers a solution to the lab of Web Goat: Insecure Configuration forced browsing. The goal was to guess to URL for the user interface and this shows participants how to make the config page appear via transversal and using a variety of commands to discover how to find the administrative interface without force.

Video Transcription

00:04

Hello and welcome to the cyber. Very secure coding course. My name is Sonny Wear, and this is a lost top 10 for 2013.

00:13

A five security Miss Configuration.

00:16

This is the lab from Web goat insecure configuration.

00:23

This is the video solution for Web goat insecure configuration forced browsing

00:29

the instructions state your goal should be to guess the euro for the config interface. Now the config u r l is on lee available to the maintenance personnel. However,

00:40

the application doesn't check for any horizontal privileges.

00:46

So

00:47

basically, what we can do is try to force

00:50

the config page to appear.

00:53

Uh, bye.

00:55

By attacking this, you are Ellen doing a directory, Divers A ll.

01:00

So we know that anything after the attacks script here is going to be a screen related function.

01:08

So I'm just gonna go ahead and remove that part,

01:11

and I'm gonna try to guess what the config interface might be. I'm going to start with

01:19

the name of the directory config and see if that works.

01:23

Okay, That didn't work.

01:25

How about if we just try

01:27

cough

01:32

and that certainly works. So we have our success message. We were able to successfully find

01:40

the administrative

01:42

interface without any kind of authorization check being done.

01:48

We just didn't forced. You are well

Up Next

Part 2 Explanations

Part 3 Comments Demo

Part 4 HiddenPages Demo

Part 5 HTMLS Web Storage Demo

Secure Coding

In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.

Instructed By

Similar Content

OWASP

Established in 2001, the Open Web Application Security Project (OWASP) offers free security tools and ...

12 CEU/CPE Hours Available

Certificate of Completion Offered

Python Coding - Basic

Python Coding - Basic

The Python Coding - Basic test is a premium Cybrary assessment test created by Interview ...

Interview Mocha

Intro to Python

Intro to Python

This is an introductory course on Python for cyber security, giving students the ability to ...

3 CEU/CPE Hours Available

Certificate of Completion Offered