20.2 Lab: Host header authentication bypass | 2023
This lab makes an assumption about the privilege level of the user based on the HTTP Host header. To solve the lab, access the admin panel and delete the user carlos | Karthikeyan Nagaraj

Description
This lab makes an assumption about the privilege level of the user based on the HTTP Host header.
To solve the lab, access the admin panel and delete the user carlos.
Solution
- Reload the lab's page and capture the request > send it to Repeater
- Add /admin to the URL and localhost in the Host header; you will now be able to view the admin panel
- Send /admin/delete?username=carlos with localhost as the Host header to solve the lab
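
Why the steps above work, and what the fix looks like, as an added example (not the lab's source code): a hypothetical access check that trusts the Host header, next to a hardened handler. The Request class, function names and the shop.example hostname are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOWED_HOSTS = {"shop.example"}  # constructed public hostname (assumption)


@dataclass
class Request:
    path: str
    headers: dict                      # header names lower-cased
    session_role: str = "anonymous"    # role stored in the server-side session


def host_name(req):
    """Return the Host header value without its port, lower-cased."""
    host = req.headers.get("host", "").strip().lower()
    if host.startswith("["):           # IPv6 literal such as [::1]:8080
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]


def admin_allowed_vulnerable(req):
    # Flawed check: the Host header is chosen by the client, so this
    # "local user" test passes for any remote client sending Host: localhost.
    return host_name(req) == "localhost"


def handle_hardened(req):
    """Return the HTTP status a hardened handler would send."""
    # 1. Reject any Host value the site does not actually serve.
    if host_name(req) not in ALLOWED_HOSTS:
        return 400
    # 2. Authorize admin paths from the server-side session, never from headers.
    if req.path.startswith("/admin") and req.session_role != "admin":
        return 403
    return 200


if __name__ == "__main__":
    # Constructed request mirroring the lab step: unauthenticated, Host: localhost.
    spoofed = Request("/admin/delete?username=carlos", {"host": "localhost"})
    print("vulnerable check grants admin:", admin_allowed_vulnerable(spoofed))
    print("hardened handler status:", handle_hardened(spoofed))
```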

Thank you for Reading!
Happy Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng