Bypassing .htaccess by using GETS

Hi folks, during these days I am traveling a lot for work, and unfortunately I don't have much time to write posts. However, today I want to share a really nice post about a classic problem affecting the HTTP Basic Authentication method in PHP applications. The post (written by armoredcode) is about a 2-year-old bug described by OWASP in 2010 (here), by cd34 (here) and by Eguaj (here, which, by the way, explains it in a lot of detail). I like this post so much because it is not about the vulnerability itself (which is very well known, even if still widespread across websites) but about the whole hacking process, from scratch. Paolo Perego wrote a very detailed walkthrough with very deep considerations that lead the reader to a full understanding of what the problem is. Below are the images of the fundamental steps, taken from armoredcode. First, an HTTP request with an empty body.


And then the request for the backend page.


Again, a great place to start looking into the reality of hacking, and a good example of a simple vulnerability exploitation process.

These are the main steps he followed:

  1. Fingerprint the operating system, the web server and the programming language version using Netcraft. He discovered a “/backend” directory by looking into a JavaScript file he found in a browsable “/static” directory.
  2. Paolo crafted custom HTTP requests in order to bypass the HTTP Basic Authentication that was in place to keep curious people out of the backend. In his words: “I was able to make updates into the database…”

Please refer to the original website to learn more about the “lessons learned”.
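The post does not spell out why a crafted request gets past Basic Authentication, but the classic cause behind the bypasses described by OWASP and cd34 is an `.htaccess` that places `Require` inside a `<Limit GET POST>` block, so any other method (HEAD, or a made-up verb such as GETS) is never asked for credentials while the PHP handler still runs the script. The following is an added example, not code from armoredcode or from this post, and it assumes that mechanism: it audits an `.htaccess` fragment for a verb-scoped `Require`, shows the hardened form (a `Require` outside any `<Limit>` applies to every method), and runs a simple detection heuristic over access log lines. The configuration, the `/var/www/.htpasswd` path, the `/backend/` prefix, the IP addresses and the log lines are all constructed for the example.

```python
import re

# Constructed sample: Basic Auth scoped to GET and POST only.
# Requests using any other method never hit the Require directive.
WEAK_HTACCESS = """\
AuthType Basic
AuthName "Backend"
AuthUserFile /var/www/.htpasswd
<Limit GET POST>
    Require valid-user
</Limit>
"""

# Hardened form (constructed): Require outside <Limit> covers every method.
HARDENED_HTACCESS = """\
AuthType Basic
AuthName "Backend"
AuthUserFile /var/www/.htpasswd
Require valid-user
"""

LIMIT_RE = re.compile(r"<Limit\s+([^>]+)>(.*?)</Limit>", re.IGNORECASE | re.DOTALL)


def audit_htaccess(text):
    """List every Require directive that lives inside a <Limit> block,
    together with the methods that block applies to."""
    findings = []
    for match in LIMIT_RE.finditer(text):
        methods = [m.upper() for m in match.group(1).split()]
        for line in match.group(2).splitlines():
            if line.strip().lower().startswith("require"):
                findings.append({"methods": methods, "directive": line.strip()})
    return findings


def is_verb_scoped(text):
    """True when access control only exists inside <Limit> blocks, i.e. when
    no Require directive applies to methods outside the listed ones."""
    inside = audit_htaccess(text)
    remainder = LIMIT_RE.sub("", text)
    outside = any(l.strip().lower().startswith("require") for l in remainder.splitlines())
    return bool(inside) and not outside


# Constructed access log lines in Apache combined/common format.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /backend/index.php HTTP/1.1" 401 381',
    '203.0.113.5 - - [10/Oct/2012:13:55:40 +0000] "GETS /backend/index.php HTTP/1.1" 200 2134',
    '198.51.100.7 - - [10/Oct/2012:13:56:01 +0000] "POST /backend/update.php HTTP/1.1" 401 381',
    '203.0.113.5 - - [10/Oct/2012:13:56:12 +0000] "HEAD /backend/index.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [10/Oct/2012:13:57:03 +0000] "GET /static/app.js HTTP/1.1" 200 9021',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_verb_tampering(lines, protected_prefix="/backend/", covered=("GET", "POST")):
    """Heuristic detection: a 2xx response under the protected prefix that was
    obtained with a method outside the set the <Limit> block covers.
    Returns (client_ip, method, path) tuples."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        ip, method, path, status = match.groups()
        if path.startswith(protected_prefix) and status.startswith("2") and method not in covered:
            hits.append((ip, method, path))
    return hits


if __name__ == "__main__":
    print("weak config verb-scoped:", is_verb_scoped(WEAK_HTACCESS))
    print("hardened config verb-scoped:", is_verb_scoped(HARDENED_HTACCESS))
    for hit in find_verb_tampering(SAMPLE_LOG):
        print("suspicious:", hit)
```

The audit is a text check, not a full Apache config parser: it only looks for `Require` inside `<Limit>` blocks, which is the pattern behind this class of bypass. The log heuristic will also flag legitimate HEAD requests to the protected area, so treat it as a triage filter and confirm against the configuration.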