What is Leftover Debug Code?

In this article, we explain leftover debug code. You may never have heard the name before, because it is rarely covered in videos.

Very few people know about this bug, but if it is present on a website, the admin panel can be accessed without a username or password.

We also show leftover debug code in practice. It is called a critical bug because it lets a normal user access the admin panel.

Note – This article is for educational purposes only. Don't misuse your knowledge and skills.

Leftover Debug Code

Before showing Leftover Debug Code in practice, note that Google offers advanced search options, where we can search according to tags.

We explained in footprinting how to use Google advanced search. In this lab you will likewise see how the admin panel dashboard is found with the help of advanced search.

The parameters can be found with Burp Suite or in inspect element, and with them even a normal user can access the admin panel without a username or password.

If everyone can access the admin panel, you can understand how much damage that can do to the website.

As you read this article, you will understand how the Leftover Debug Code bug works on a website and how it can harm a website.

Leftover Debug Code Example

Let us now walk through an example of Leftover Debug Code. We are doing all of this testing on a training platform, but you can do the same while doing live bug hunting.

https://application.security/free-application-security-training/owasp-top-10-leftover-debug-code

As you can see in the image, the Leftover Debug Code lab opens like this. It gives you a vulnerable platform on which you can test for the Leftover Debug Code bug.

When you go to the next step, you are asked to open Google. When you do bug hunting, you also have to do this through Google.

After this, you get the parameters for advanced search. There are many more similar parameters, which were covered in footprinting; you can also read our article on it.

As soon as you search, you see some results. Here you have to open the first website; if you open any other website, it will not open.

As soon as this website opens, the dashboard of the admin panel opens in front of you, just as it normally would on a real website.

After this, when you look in the code, you can see the parameters, as shown in the image. Here you just have to open this link to bypass the admin panel login.

If you want to see this on a live website, you can see it by viewing the page source, as shown in the image, and it also shows up in Burp Suite.

When you open this link, the dashboard of the admin panel opens. We have not filled in any username or password and have still accessed the admin panel.

If hackers have access to the admin panel of a website, they can run the complete website as they like, and you can understand how much damage that can do to the website.
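The flaw described above, seen from the server side, as an added example that is not code from this article or from the training lab. It puts a handler with a leftover debug branch beside a corrected one and runs a regression check over both; the parameter name `debug`, the `Session` type, the status codes and the probe inputs are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Mapping, Optional

DEBUG_PARAM = "debug"  # hypothetical name; the real parameter differs per application


@dataclass
class Session:
    user: str
    is_admin: bool


def admin_dashboard_vulnerable(query: Mapping[str, str], session: Optional[Session]) -> int:
    """'Before': a developer shortcut left in the handler skips the login check."""
    if query.get(DEBUG_PARAM) == "1":
        return 200  # leftover debug branch: dashboard served with no session at all
    if session is not None and session.is_admin:
        return 200
    return 302  # redirect to the login page


def admin_dashboard_fixed(query: Mapping[str, str], session: Optional[Session]) -> int:
    """'After': request parameters never influence the authorization decision."""
    if session is None:
        return 302  # not logged in: redirect to the login page
    if not session.is_admin:
        return 403  # logged in, but not an administrator
    return 200


def audit_handler(handler) -> list:
    """Regression check: no request without an admin session may get the dashboard."""
    findings = []
    probes = [{}, {DEBUG_PARAM: "1"}, {DEBUG_PARAM: "true"}, {"test": "1"}]  # constructed
    for query in probes:
        for session in (None, Session("alice", is_admin=False)):
            if handler(query, session) == 200:
                findings.append((dict(query), session.user if session else None))
    return findings


if __name__ == "__main__":
    print("vulnerable:", audit_handler(admin_dashboard_vulnerable))
    print("fixed:     ", audit_handler(admin_dashboard_fixed))
```

Running a check like `audit_handler` in the test suite before release catches a debug branch that was meant to be removed, because the authorization decision is verified for every unauthenticated probe rather than only for the normal login path.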

The Conclusion

I hope that you now know about Leftover Debug Code. We have covered both the theory and the practice of Leftover Debug Code here, and you can use it in the same way in bug hunting.

One thing we want to tell you is that the parameter is not always named headless. It depends on your skills and your advanced searches. You get parameters for advanced search on Google.

You can use them just as we search for SQL injection vulnerable websites through Google searches; similarly, you have to find the Leftover Debug Code bug using the parameters here too.

If you have any question related to Leftover Debug Code, you can ask in the comments and we will help you. We hope that you like our article.

We have previously published several articles on bug bounty topics that are rarely talked about, such as personally identifiable information (PII) and privilege escalation vulnerabilities.

Thank you
