From the course: Penetration Testing Web Apps with Kali and Burp Suite
File access through a web application URL
- [Narrator] Easy Chat is a simple browser-based chat server, and we can use it to demonstrate how to exploit a web application in order to break into the system as a whole. This is a Windows-based application, and I have it running on IP address 192.168.1.149. There are a number of vulnerabilities in this application. One of them enables us to use the URL to navigate to specific folders outside of the web root. Let's connect to Easy Chat using Burp Suite's web browser. Go to Proxy. Turn Intercept off and open the browser. And we'll go to 192.168.1.149. Here we see the chat interface. We're just looking at the default chat rooms that come with the software. Back in Burp Suite, let's send the HTTP request to Repeater, and in Repeater, in the request, we'll change the GET and we'll just move up the directory tree and request the temp folder and a file I've placed in there called password.txt, and we'll send that. And…