Main Techniques

Possible Vectors:

Without Access Control

Path Traversal examples

# Possible administrative URL
/robots.txt
# If it lists Disallow entries, check those paths
/admin-panel-name
# 3 jumps back to the root...
../../../etc/passwd

Reading the page's client-side source code can reveal the URL of the admin panel endpoint.

The source code also shows how the application builds its login parameters: cookies, username, password, etc.

		// Link to the admin panel built in client-side script, readable by any visitor
		var adminPanelTag = document.createElement('a');
		adminPanelTag.setAttribute('href', 'https://geeglo.com/brpasdsdkljcx');
		adminPanelTag.innerText = 'Admin panel';
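
An added example (not part of the original notes): a Node.js audit that a site owner can run over their own robots.txt and client-side scripts to flag the two leaks described above. The SENSITIVE keyword list, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: audit what the server hands to anonymous visitors.
// SENSITIVE is an assumed keyword list; adapt it to your own route names.
const SENSITIVE = /admin|manage|internal|backup|debug/i;

// robots.txt: report Disallow paths that advertise a privileged location.
function auditRobots(robotsTxt) {
  const findings = [];
  robotsTxt.split(/\r?\n/).forEach((line, i) => {
    const rule = line.replace(/#.*$/, ''); // drop trailing comments
    const m = /^\s*disallow\s*:\s*(\S+)/i.exec(rule);
    if (m && SENSITIVE.test(m[1])) findings.push({ line: i + 1, path: m[1] });
  });
  return findings;
}

// Client-side script: report URL or path literals on any line whose
// identifiers or strings hint at privileged functionality. This catches an
// unguessable URL that is given away by the variable name next to it.
function auditScript(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, i) => {
    const urls = line.match(/(['"])(?:https?:\/\/|\/)[^'"\s]+\1/g) || [];
    if (!SENSITIVE.test(line)) return;
    urls.forEach((u) => findings.push({ line: i + 1, url: u.slice(1, -1) }));
  });
  return findings;
}

// Constructed sample inputs, modelled on the snippets in these notes.
const sampleRobots = [
  'User-agent: *',
  'Disallow: /search',
  'Disallow: /admin-panel-name',
].join('\n');
const sampleScript = [
  "var adminPanelTag = document.createElement('a');",
  "adminPanelTag.setAttribute('href', 'https://geeglo.com/brpasdsdkljcx');",
  "adminPanelTag.innerText = 'Admin panel';",
  "var helpLink = '/help';",
].join('\n');

console.log(auditRobots(sampleRobots));
console.log(auditScript(sampleScript));
```

A finding marks a route that any visitor can learn about, so its handler has to enforce authorization on the server rather than rely on the URL staying secret.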

With Access control
