dev.cmess.thm
ffuf found a virtual host / sub-domain; dev.cmess.thm
The webroot shows a development log;
- A bug in the
.htaccessfile due to misconfiguration - CLEARTEXT CREDENTIAL for the admin page
andre@cmess.thm:KPFTN_f2yxe%
Fuzzing
┌──(kali㉿kali)-[~/archive/thm/cmess]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -t 200 -u http://dev.cmess.thm/FUZZ -ic
________________________________________________
:: Method : GET
:: URL : http://dev.cmess.thm/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 200
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
.htaccess [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 138ms]
.htpasswd [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 2415ms]
server-status [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 37ms]
:: Progress: [20476/20476] :: Job [1/1] :: 188 req/sec :: Duration: [0:00:17] :: Errors: 0 ::Nothing found