Introduction to IT and Cybersecurity
Video Description
This lesson offers a solution to the lab of Web Goat: Insecure Configuration forced browsing. The goal was to guess to URL for the user interface and this shows participants how to make the config page appear via transversal and using a variety of commands to discover how to find the administrative interface without force.
Video Transcription
00:04
Hello and welcome to the cyber. Very secure coding course. My name is Sonny Wear, and this is a lost top 10 for 2013.
00:13
A five security Miss Configuration.
00:16
This is the lab from Web goat insecure configuration.
00:23
This is the video solution for Web goat insecure configuration forced browsing
00:29
the instructions state your goal should be to guess the euro for the config interface. Now the config u r l is on lee available to the maintenance personnel. However,
00:40
the application doesn't check for any horizontal privileges.
00:46
So
00:47
basically, what we can do is try to force
00:50
the config page to appear.
00:53
Uh, bye.
00:55
By attacking this, you are Ellen doing a directory, Divers A ll.
01:00
So we know that anything after the attacks script here is going to be a screen related function.
01:08
So I'm just gonna go ahead and remove that part,
01:11
and I'm gonna try to guess what the config interface might be. I'm going to start with
01:19
the name of the directory config and see if that works.
01:23
Okay, That didn't work.
01:25
How about if we just try
01:27
cough
01:32
and that certainly works. So we have our success message. We were able to successfully find
01:40
the administrative
01:42
interface without any kind of authorization check being done.
01:48
We just didn't forced. You are well
Up Next
Secure Coding
In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.
Instructed By
Sunny Wear
Instructor
