OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

What is Failure to Restrict URL Access Vulnerability/Threat?

Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration links are only put onto the page if the user is an administrator. However, if non-privileged users discover the administration page’s address, they can still access it via URL access.
Preventing unauthorized URL access requires selecting an approach for requiring proper authentication and proper authorization for each page. The easier the authentication is to include in a page the more likely that all pages will be covered by the policy.

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

With that said let’s try and complete this round of the game. We are presented with this page.

FTRA1

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!

If we look closer at the page we can see the words “web page” highlighted. FTRA2

When we hover over the words our mouse icon changes to a choose option, but clicking it doesn’t bring us anywhere. So we need to check out the source code. If you right click on the words and choose ‘Inspect Element’, this will open up our developer tools.

FTRA3

Above we see the HTML tags and elements and there is not much we can do with the highlighted text. But if we look at the code underneath it we can see the HTML ‘style=””display: none”‘. If we change that word ‘none’ with the word ‘text’ can we then see what is being hidden?

FTRA4

$299 WILL ENROLL YOU IN OUR SELF PACED COURSE – LFS205 – ADMINISTERING LINUX ON AZURE!

Now, hit enter and close the developer tool and what do we see?

FTRA5

We have loaded the ‘Administrators Result Page’ to the web page by changing the code. So now we can just click on the highlighted part to bring us to the solution key.

FTRA6

Enter the key and hit submit et voilá. Success.

Thanks for reading.

QuBits 07-09-2018

BUNDLE CLOUD FOUNDRY FOR DEVELOPERS COURSE(LFD232) AND THE CFCD CERTIFICATION FOR $499!

 

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.