Secret Administrative Pages |
Overview Secret Administrative Pages are surprisingly common. Developers assume that it is not possible to determine the URL so the pages are secure. Discovery Methodology Try brute forcing the page names in the page parameter with Burp-Intruder in sniper mode. Include some of the following page names in the brute force list: secret.php, admin.php, _adm.php, _admin.php, root.php, administrator.php, auth.php, hidden.php, console.php, conf.php, _private.php, private.php, access.php, control.php, control-panel.php, phpMyAdmin.php Exploitation Same as discovery. Example The phpinfo function dumps PHP server configuration information to a nice table. The phpMyAdmin.php hosts a secret phpMyAdmin console. Videos Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch How to Show Secret Page in Security Level 5 Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch Brute Force Page Names using Burp-Suite Intruder Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch Introduction to Fuzzing Web Applications with Burp-Suite Intruder Tool Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch Using Burp Intruder Sniper to Fuzz Parameters Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch Introduction to Burp-Suite Comparer Tool Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch Gaining Administrative Shell Access via Command Injection Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch How to Locate the Easter egg File using Command Injection |