mirror of
https://github.com/tmoron/darkly.git
synced 2025-09-27 20:58:35 +02:00
add readme for headers_manipulation, open_redirect and sensitive_file_exposure
20
sensitive_file_exposure/README.md
Normal file
@ -0,0 +1,20 @@
# Sensitive file exposure
## How We Found It
in the `/robots.txt` page, there is a page called `/whatever` that is disallowed. when we go to `/whatever`, there is a file called htaccess that we can download. in this file there is just one line :
```
root:437394baff5aa33daa618be47b75cb49
```
that looks like a user login and a password hashed using md5, so we decrypted it and got the password `qwerty123@`. This is intresting but where shoud we use it ?
there is a page called `/admin`, on this page, there is a login and password prompt, when we enter the username and password found earlier, we get a flag.
## Utility of It
- Leaks credentials that can be used to access restricted areas (like /admin).
- Can lead to full system compromise if reused elsewhere.
- Highlights bad practice of storing sensitive data in web-accessible paths.
## How Can We Patch It
- Never expose sensitive files like `.htaccess`, `.env`, `config.php`, etc.
- Properly configure the web server to deny access to such files.
- Avoid storing plaintext or weakly hashed passwords in accessible locations.
- Use strong hashing algorithms (e.g., bcrypt) and limit access to admin interfaces.
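Review bot: "so we decrypted it" in the "How We Found It" paragraph is inaccurate and should be reworded; MD5 is a one-way hash, so a bare 32-hex digest like `437394baff5aa33daa618be47b75cb49` is recovered by lookup or brute force, not decrypted. Suggest "so we cracked it (an unsalted MD5 digest is trivially reversed by lookup tables)" and, in the same paragraph, fix the typos "intresting" and "shoud". The "How Can We Patch It" list could also state the root cause the write-up itself shows: a `user:hash` credential file sits under a directory that `/robots.txt` advertises as disallowed but the server still serves, so the concrete fix is a web server rule that denies access to dotfiles and credential files (and removes the robots.txt hint), with credentials kept outside the document root and stored with a salted, slow hash such as the bcrypt already mentioned.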