Sensitive Data Exposure - DVNA

Step 1: Navigate to the admin dashboard at /app/admin while logged in as a non-admin user. Intercept this request using Burp.

Step 2: Send the intercepted request to Burp Intruder (Ctrl+I), then switch to the Intruder tab (Ctrl+Shift+I).

Step 3: In Burp, navigate to Intruder > Positions. Under "Payload Positions", set "Attack type" to "Sniper". In the GET request, append a placeholder string to the admin dashboard URL and mark it as the payload position.

Step 4: In Burp, navigate to Intruder > Payloads. Under "Payload Sets", set "Payload set" to "1" and "Payload type" to "Simple list". Under "Payload Options", add the list of candidate directory names.

Step 5: Click "Start attack". When the results are displayed, sort them by response length. Notice that for the users that exist on the application you are able to reach their password reset page, even though you are not an admin.
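The root cause exposed by these steps is that nothing on the server checks the caller's role before serving anything under /app/admin, and the differing response sizes then reveal which users exist. The guard below is an added example, not DVNA's own code: it is written as a plain function (no Express dependency) and assumes a session shape of `session.user = { username, role }`, which is an assumption rather than DVNA's actual schema.

```javascript
// Added example (not DVNA's own code): a role check for the /app/admin area.
// Every non-admin request under the prefix gets the same constant-size 403,
// so response length no longer tells a caller which sub-pages or users exist.
const ADMIN_PREFIX = "/app/admin";
const DENIED = { status: 403, body: "Forbidden" }; // identical for all denied requests

// Decode, lowercase and collapse "." / ".." segments so the prefix check
// cannot be sidestepped with variants like "/APP/ADMIN" or "/app/x/../admin/users".
function normalisePath(rawPath) {
  let p = rawPath.split("?")[0];
  try { p = decodeURIComponent(p); } catch (_) { /* keep undecodable input as-is */ }
  const parts = [];
  for (const seg of p.toLowerCase().split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { parts.pop(); continue; }
    parts.push(seg);
  }
  return "/" + parts.join("/");
}

function isAdminArea(path) {
  const p = normalisePath(path);
  return p === ADMIN_PREFIX || p.startsWith(ADMIN_PREFIX + "/");
}

// req is a minimal stand-in for an Express request: { path, session }.
// session.user is assumed to be { username, role } (assumption, not DVNA's schema).
function guardAdminRequest(req, handler) {
  if (!isAdminArea(req.path)) return handler(req); // not an admin route, pass through
  const user = req.session && req.session.user;
  if (!user || user.role !== "admin") return DENIED; // same reply whether or not the page exists
  return handler(req);
}

// Constructed handler standing in for DVNA's real admin routes.
function adminHandler(req) {
  return { status: 200, body: "admin page " + normalisePath(req.path) };
}

// Stand-alone demo: a normal user probing the admin area is denied uniformly.
const probe = { path: "/app/admin/users/reset", session: { user: { username: "bob", role: "user" } } };
console.log(guardAdminRequest(probe, adminHandler)); // { status: 403, body: 'Forbidden' }
```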