- Joined
- Jun 28, 2020
- Messages
- 6,852
- Reaction score
- 739
- Points
- 212
- Awards
- 2
The Vulnerability:
To restrict access to a specific page or file on the website, the page is returned completely to anyone who requests it but with a "302 Moved Temporarily" status and a Location header specifying an address to redirect to for unauthorized users or guests. The browser, being a good boy, immidietly follows the redirection to the location specified in the Location header before loading the contents of the page.
How to exploit it:
To let the browser load the contents of the page, we just need to intercept the response of the server and remove the Location header and voala!
- An example :
I will use burp suite .
First, we turn on intercept server response.
This is the response in burp proxy. You can see that the contents of the page are present in this response.
We remove the location header and forward the response to the browser.
The page is loaded in your browser! In this example, the page is a file management system.
To restrict access to a specific page or file on the website, the page is returned completely to anyone who requests it but with a "302 Moved Temporarily" status and a Location header specifying an address to redirect to for unauthorized users or guests. The browser, being a good boy, immidietly follows the redirection to the location specified in the Location header before loading the contents of the page.
How to exploit it:
To let the browser load the contents of the page, we just need to intercept the response of the server and remove the Location header and voala!
- An example :
I will use burp suite .
First, we turn on intercept server response.
This is the response in burp proxy. You can see that the contents of the page are present in this response.
We remove the location header and forward the response to the browser.
The page is loaded in your browser! In this example, the page is a file management system.
