Hello everyone. I was doing challenges on the website that had a clue in challenges:
There is an “execution after redirect” to one of the login pages.
I’ve done a test with Burp, and got /user, which is redirected to /user/login with the response 302 Found, and /cmsadmin to / with the response 301 Moved Permanently. But when I changed the request location to /admin/1, the response was “access denied”.
And I’ve been crawling all over the website with DirBuster.
How do I manipulate this EAR? And how do I know the possible files/dir for bypass?
Please, I need your help. Thanks a lot.