Information Disclosure - Authentication Bypass Via Information Disclosure

Описание: Support This Channel
======================

Please like and subscribe, it means a lot!

Check out my cybsercurity and webdev site
https://www.webhacks.io

Please buy me a coffee so I can continue to make content.
https://buymeacoffee.com/zenshell

Join our Discord
  / discord  


Here we make use of a HTTP trace request in order to provoke the server into revealing a custom HTTP header that is appended to our requests. We can use the knowledge of this custom header to spoof our location and allow admin access to the web app. This is considered an information disclosure vulnerability because TRACE requests are usually disabled on a production web server.