20.2 Lab: Host header authentication bypass | 2023

This lab makes an assumption about the privilege level of the user based on the HTTP Host header. To solve the lab, access the admin panel and delete the user carlos | Karthikeyan Nagaraj

Description

This lab makes an assumption about the privilege level of the user based on the HTTP Host header.

To solve the lab, access the admin panel and delete the user carlos.

Solution

1. Reload Lab’s page and Capture the Request > Send it to Repeater
2. Add /admin in the url and localhost in Host Header, you will be now able to view admin Panel
3. Send /admin/delete?username=carlosto solve the lab with localhostas host header

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials