Ad End 1 August 2026
Ad End 4 july 2026
ad End 17 June 2026
ad End 25 July 2026
banner Expire 27 September 2026
adv exp at 20 April 2026
banner Expire 25 July 2025
Ads end 31 October 2026
What's new
Ad expires at 9 July 2026
Ads end 31 October 2026
Wizard's shop 2.0
RonalClub cc shop
Patrick Stash
Luki Crown
best shop
best shop

Dark_Code_x

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 28, 2020
Messages
6,905
Reaction score
753
Points
212
Awards
2
  • Somebody Likes you
  • First post
The Vulnerability:

To restrict access to a specific page or file on the website, the page is returned completely to anyone who requests it but with a "302 Moved Temporarily" status and a Location header specifying an address to redirect to for unauthorized users or guests. The browser, being a good boy, immidietly follows the redirection to the location specified in the Location header before loading the contents of the page.

How to exploit it:

To let the browser load the contents of the page, we just need to intercept the response of the server and remove the Location header and voala!

- An example :
I will use burp suite .

First, we turn on intercept server response.


This is the response in burp proxy. You can see that the contents of the page are present in this response.


We remove the location header and forward the response to the browser.

The page is loaded in your browser! In this example, the page is a file management system.
 
Ad End 1 November 2024
Top