http

We can see that there is a site on port 80.

On visiting the site, I noticed that there is a login form. I didn't have a password. I will try to brute force the password.

Let's try some common passwords.

Here admin:password gave us the login.

First page after login.

I saw that we can submit an order from here in the order tab.

Placing order
Order submitted successfully.

In the response captured while sending the order request, I saw that there is XML content in the request field.

XML data

This means we can check for an XXE vulnerability.
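Seen from the defender's side, an order form only needs flat XML, so the endpoint can refuse any DOCTYPE or entity declaration before a single entity is defined. The following is an added example, not code from this writeup or from the target application; the function `parse_order`, the element names `quantity`, `item` and `address`, and the sample requests are assumptions constructed for illustration.

```python
import xml.parsers.expat

class ForbiddenXML(ValueError):
    """The document uses a feature a flat order never needs."""

def parse_order(xml_bytes, allowed=("quantity", "item", "address")):
    """Parse <order> into a dict, refusing any DOCTYPE or entity declaration."""
    parser = xml.parsers.expat.ParserCreate()
    fields, stack, text = {}, [], []

    def forbid_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any entity declaration in the DTD is processed.
        raise ForbiddenXML("DOCTYPE declaration not allowed")

    def forbid_entity(*_args):
        raise ForbiddenXML("entity declaration not allowed")

    def start(name, _attrs):
        # Only <order> as root, and only one level of children below it.
        if (not stack and name != "order") or len(stack) >= 2:
            raise ForbiddenXML(f"unexpected element: {name}")
        stack.append(name)
        text.clear()

    def end(name):
        if len(stack) == 2:  # direct child of <order>
            if name not in allowed:
                raise ForbiddenXML(f"unexpected element: {name}")
            fields[name] = "".join(text).strip()
        stack.pop()
        text.clear()

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return fields

# Constructed sample requests (not captured from the target).
PLAIN = b"<order><quantity>2</quantity><item>Widget</item><address>1 Test St</address></order>"
WITH_DTD = (b'<!DOCTYPE order [<!ENTITY note "constructed">]>'
            b"<order><quantity>1</quantity><item>&note;</item><address>x</address></order>")

if __name__ == "__main__":
    print(parse_order(PLAIN))
    try:
        parse_order(WITH_DTD)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```

With no DTD allowed, a reference to an undeclared entity fails as malformed XML (`ExpatError`), so the parser never has an entity to expand.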

The contact page is simple and doesn't accept any user input.

Testing contact us page.
The code is a simple table and doesn't have any backend support.
