Secret Administrative Pages


Overview

Secret Administrative Pages are surprisingly common. Developers assume that because a page is not linked or advertised, its URL cannot be discovered, and so treat the page as secure.

Discovery Methodology

Try brute forcing the page names in the page parameter with Burp Intruder in sniper mode. Include some of the following page names in the brute-force list: secret.php, admin.php, _adm.php, _admin.php, root.php, administrator.php, auth.php, hidden.php, console.php, conf.php, _private.php, private.php, access.php, control.php, control-panel.php, phpMyAdmin.php
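From the defender's side, the same page-name list is useful as a detection signature: a client that requests many of these names in the page parameter within a short window is enumerating, and any 2xx response to one of them means a hidden page was actually found. The following is an added example (not part of the original page) that runs that check over a few constructed Apache combined-format log lines; the log lines, the page=... parameter convention and the threshold of three distinct probes are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# The "secret" page names listed in the Discovery Methodology above.
SENSITIVE_PAGES = {
    "secret.php", "admin.php", "_adm.php", "_admin.php", "root.php",
    "administrator.php", "auth.php", "hidden.php", "console.php", "conf.php",
    "_private.php", "private.php", "access.php", "control.php",
    "control-panel.php", "phpMyAdmin.php",
}
SENSITIVE_LOWER = {name.lower() for name in SENSITIVE_PAGES}

# Apache/nginx combined-style access log line: client IP, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (assumption: the app routes through index.php?page=...).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=home.php HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=admin.php HTTP/1.1" 404 210
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=_adm.php HTTP/1.1" 404 210
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=root.php HTTP/1.1" 404 210
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=secret.php HTTP/1.1" 404 210
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=phpMyAdmin.php HTTP/1.1" 200 8800
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=admin.php HTTP/1.1" 404 210
"""


def parse_line(line):
    """Return (ip, page_name, status) for one log line, or None if it does not parse.
    page_name is the value of the ?page= query parameter, or None when absent."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    page = parse_qs(query).get("page", [None])[0]
    return m.group("ip"), page, int(m.group("status"))


def analyze(log_text, threshold=3):
    """Flag clients probing sensitive page names.

    A client is reported when it requests `threshold` or more distinct names
    from SENSITIVE_PAGES (enumeration), or when any such request got a 2xx
    response (a hidden page was reached), whatever the request volume."""
    probes = defaultdict(set)   # ip -> distinct sensitive names requested
    hits = defaultdict(list)    # ip -> sensitive names that returned 2xx
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, page, status = parsed
        if page is None or page.lower() not in SENSITIVE_LOWER:
            continue
        probes[ip].add(page.lower())
        if 200 <= status < 300:
            hits[ip].append(page)
    findings = {}
    for ip, names in probes.items():
        if len(names) >= threshold or hits[ip]:
            findings[ip] = {"distinct_probes": len(names), "hits": sorted(hits[ip])}
    return findings


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_probes']} distinct probes, hits={info['hits']}")
```

In the sample, 10.0.0.9 is reported both for volume (five distinct names) and for a successful hit on phpMyAdmin.php, while the single 404 from 10.0.0.7 stays below the threshold. Matching the hit case separately matters: one request that lands on a hidden console is a higher-priority finding than a noisy scan that found nothing.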

Exploitation

Same as discovery.

Example

The phpinfo() function dumps the PHP server configuration into a formatted table. The page phpMyAdmin.php hosts a hidden phpMyAdmin console.

Videos

How to Show Secret Page in Security Level 5
Brute Force Page Names using Burp-Suite Intruder
Introduction to Fuzzing Web Applications with Burp-Suite Intruder Tool
Using Burp Intruder Sniper to Fuzz Parameters
Introduction to Burp-Suite Comparer Tool
Gaining Administrative Shell Access via Command Injection
How to Locate the Easter egg File using Command Injection