OWASP top 10 vulnerabilities CTF lesson – Failure to Restrict URL Access

This CTF365 lesson is based on the OWASP Top 10 vulnerabilities, which are still valid in 2020. The following are the lessons provided by CTF365. Note that the list is not strictly a top 10: it contains 11 items, and they are not in any particular order. You can sign up for Security Shepherd using a CTF365 account and start learning.

1. Broken Session Management
2. Cross Site Request Forgery (CSRF)
3. Cross Site Scripting (XSS)
4. Failure to Restrict URL Access
5. Insecure Cryptographic Storage
6. Insecure Direct Object References
7. Poor Data Validation
8. Security Misconfiguration
9. SQL Injection (SQLi)
10. Untrusted Input
11. Unvalidated Redirects and Forwards

4. Failure to Restrict URL Access

A short description is given on the lesson page itself, but if you want to read more, the official OWASP page describes the weakness in more detail. Follow the link below to go there.

OWASP Failure to Restrict URL Access

The task here is as follows:

The result key to this lesson is stored in a web page only administrators know about.

To solve the challenge we first need to check the page source of the challenge, i.e. https://security-shepherd.ctf365.com/lessons/oed23498d53ad1d965a589e257d8366d74eb52ef955e103c813b592dba0477e3.jsp

The secret admin access page is visible in the page source.

Failure to Restrict URL Access admin access

Now visit that link, i.e. https://security-shepherd.ctf365.com/lessons/adminOnly/resultKey.jsp. A blank page is shown, which seems interesting. Check the page source of this link too. Scroll to the bottom and… we see the key.
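The lesson's flaw is that the admin-only page is merely unlinked, not protected: anyone who learns the URL gets the key. The fix is a server-side, deny-by-default check on every request. The following is an added example (not Security Shepherd's own code) showing such a check; the paths come from the lesson, while the Session shape, the role names and the status-code mapping are assumptions made for the example.

```python
"""Deny-by-default URL authorization for the lesson's admin-only path."""
import posixpath
from dataclasses import dataclass, field
from typing import Optional, Set

# Protected URL prefixes and the role each requires. Anything not listed is public.
# The prefix is the one exposed by the lesson; the role name is an assumption.
PROTECTED_PREFIXES = {
    "/lessons/adminOnly/": {"admin"},
}


@dataclass
class Session:
    """Minimal stand-in for a server-side session (assumed shape)."""
    user: Optional[str] = None
    roles: Set[str] = field(default_factory=set)


def normalize(path: str) -> str:
    """Drop query/fragment and collapse '.', '..' and repeated slashes, so the
    prefix match is made on the path the server will actually resolve."""
    path = path.split("?", 1)[0].split("#", 1)[0]
    return posixpath.normpath("/" + path.lstrip("/"))


def required_roles(path: str) -> Optional[Set[str]]:
    """Return the roles needed for `path`, or None if it is public."""
    norm = normalize(path)
    for prefix, roles in PROTECTED_PREFIXES.items():
        # Match the protected directory itself as well as anything beneath it.
        if norm == prefix.rstrip("/") or norm.startswith(prefix):
            return roles
    return None


def authorize(path: str, session: Session) -> int:
    """HTTP status the request should get: 200 allowed, 401 not logged in, 403 wrong role."""
    needed = required_roles(path)
    if needed is None:
        return 200
    if session.user is None:
        return 401
    if not needed & session.roles:
        return 403
    return 200


if __name__ == "__main__":
    print(authorize("/lessons/adminOnly/resultKey.jsp", Session()))                    # 401
    print(authorize("/lessons/adminOnly/resultKey.jsp", Session("root", {"admin"})))  # 200
```

Whether a link to the page is rendered plays no part in the decision, which is the point of the lesson.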

Failure to Restrict URL Access key

Nice! Paste it and complete the current lesson.

Failure to Restrict URL Access completed!
