Path traversal

https://insecure-website.com/loadImage?filename=../../../etc/passwd

https://insecure-website.com/loadImage?filename=..\\..\\..\\windows\\win.ini

Access control

https://insecure-website.com/robots.txt

Some applications determine the user's access rights or role at login, and then store this information in a user-controllable location. This could be:

• A hidden field.
• A cookie.
• A preset query string parameter.

Observe that the response sets the cookie Admin=false. Change it to Admin=true.

https://insecure-website.com/myaccount?id=123

If an attacker modifies the id parameter value to that of another user, they might gain access to another user's account page, and the associated data and functions.

• Log in using the supplied credentials and access the user account page.
• Change the "id" parameter in the URL to administrator.
• View the response in Burp and observe that it contains the administrator's password.

Authentication

passwords.txt