It is not possible, but you can see any output from access.php if it sends anything (it most likely does not). It is completely up to the scripts to decide what you do or don't see.
it is absolutely possible . It is a training challenges for educational purpose
"if it sends anything (it most likely does not)"
when I tried to access access.php a plank page show up saying "please reactivate redirection".
" It is completely up to the scripts to decide what you do or don't see"
you did not say something new.
finally , if you ignore the answer it does not mean that it is impossible
Moreover , I do persist in the fact that if you are not able to answer me for some reasons please , let other do it . Because your answer is so trivial and meaningful
i have to agree with LB on this. if i write a php script to redirect you, there is nothing you can about it short of making a hack in [insert browser of choice here]. you cant really control being redirected off the page. you can however stop something from redirecting to another page (my dad works for a company that writes web filters so i found that interesting)
I already wrote "It is a training challenges for educational purpose". I means it is a legal hack challenge and there are people who solved it (but very few) . The problem is that I tried many attack techniques to bypass the URL redirection from access.php to denied.php but I failed.
"you can however stop something from redirecting to another page"
according to me , I tried firefox extension (Noredirect). It stopped the redirection but the page became blank .It seems that the site is not vulnerable against this type of attack.
But if you have another idea or technique , you can tell me .
another thing: the site of challenge show a cookie
so I tried
five type of attack:
cookie poisoning attack
cookie injection attack
cookie hijacking attack
session fixation attack
cookie decryption
but I did not succeed
so any idea on how to proceed???
as I said it is a CHALLENGE FOR EDUCATION PURPOSE AND IT IS LEGAL AND HAS NOTHING TO DO WITH ILLEGAL ACTIONS OR SOME OF THE SORT
I'd look into using something like Tamper Data to let you inspect and modify the HTTP request being sent to the server. That could give you the insight you need.
Is there anywhere you could specify a path, other than the URL bar? Or perhaps you could try changing the URL if there is a directory and using its parent directory to access the file, e.g. "http://www.example.com/secret/../access.php"
no one has said it is to the best of my knowledge so please calm down. can you show us the other submissions? because the only one to have any inkling so far is chrisname (which doesnt surprise me tbh) and three other x web devs (well idk what Ess is) dont know how to do it
"I'd look into using something like Tamper Data to let you inspect and modify the HTTP request being sent to the server. That could give you the insight you need"
I already tried with many tools
Is there anywhere you could specify a path, other than the URL bar?
1) it is not vulnerable to directory traversal attack
2) it use a sophisticated 302 redirection whenever you try to access access.php and take you to denied.php
I need another special method rather than classical methods that I tried them all
There is no hack that can allow what the OP wants. You would have to literally get the source of the PHP script, and as a client you are never able to do this.
It is entirely possible though, and very easy, to ignore the redirect, but this will not get you anywhere.
Imagine you're at the post office. You head for one of the counters and it has a sign in front of it saying "closed. Use next window". At that point, there's two things you can do: you can go to the next window, or you can stand there staring at the sign and the empty chair. There's certainly nothing you can do that will make the person who is not there do whatever it is you need done.
The same thing is happening here. When you loaded http://www.example.com/access.php, you actually did get a response: a blank page plus a redirect (redirects aren't part of a page's content). The blank page is the content. You can choose to not follow the redirect, but that won't get you any more data than you already have.
I think this "academic challenge" is actually intended to be a trick question to get people to realize how the security of server-side scripting works.
I interpreted it as one of those "hackthissite"-type challenges where they present you a server with a (usually unrealistic) security flaw that you have to find.
"I interpreted it as one of those "hackthissite"-type challenges where they present you a server with a (usually unrealistic) security flaw that you have to find. "
exactly . But it is in another site which is light years more hard and difficult than the site you mentioned (which is for me easy).
what Helios and LB and DTScode said is very instructive and brilliant. May be it is a madness to try to bypass the redirection(in my challenge context of course).
EssGeEich: If this challenge has a solution, this is NOT the way to go.
May be you are totally right.
I found something new after many other attempts
I found the username of the administrator whose page is access.php
but I could not find the password
besides , there is a page (login.php) in which there is a submit form
for username and password . As I know the username , I tried to launch a brute force attack to find the password and therefore gain access to access.php but without any result.
then I tried sql injection attack by writing these syntax
or '1'='1'
or '1 = 1
or '1 or 1
and many others of the same type but I failed . So may be it is not vulnerable to sql injection attack too
but I know the username . So any suggestion maybe , any help would be appreciated
@EssGeEich
Only if it's a GET request, right? I don't think POST requests are escaped - I don't see any reason for it - and no-one in their right mind would use GET requests for SQL queries.