Unveiling hidden data: a log file's security breach
ROBERT KRUCZEK
Unveiling hidden data during 2023 pentest: how a misplaced log file can compromise 2FA security. Conducting penetration tests requires the use of existing solutions that significantly facilitate the work. For web applications, it is valuable to recognize the structure of directories or find files of interest. For this purpose, we can use applications such as: ffuf, dirbuster, gobuster. During the discussed test, I used the ffuf tool with a basic dictionary available publicly: https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt
READ article
