22 lines
809 B
HTML
22 lines
809 B
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b>Forced Browsing. </p>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
How to Exploit Forced Browsing.
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible.
|
|
|
|
One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
* Your goal should be to try to guess the URL for the "config" interface.<br>
|
|
* The "config" URL is only available to the maintenance personnel.<br>
|
|
* The application doesn't check for horizontal priveleges.
|
|
<!-- Stop Instructions -->
|