Joshua Lictan (https://github.com/skid-nochizplz/skid-nochizplz)
https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html
/task-info.php
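// Redirects unauthenticated visitors, but there is no exit after header(),
// so the rest of the page still executes and is sent with the 302.
if ($user_id == NULL || $security_key == NULL) {
    header('Location: index.php');
}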
Burp Suite
- Using Burp, intercept the GET request to /manage-admin.php.
- With the GET request to /manage-admin.php captured, set Burp to intercept the response to this request, then forward the request.
- Change the response HTTP status from "302 Found" to "200 OK" and click Forward.
- Now you can successfully access /manage-admin.php without authentication.
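
The session check above sends a Location header but never stops the script, so the protected page body travels with the 302 and only the status line keeps a browser from showing it. The following is an added example, not part of the original advisory or the project's code: a heuristic Python source check that flags PHP `header('Location: ...')` calls not immediately followed by `exit` or `die`. The function name `find_unterminated_redirects` and the `FIXED` sample are assumptions made for illustration.

```python
import re

# A PHP redirect statement such as header('Location: index.php'); up to its ';'
REDIRECT = re.compile(r"header\s*\(\s*['\"]\s*Location\s*:.*?\)\s*;", re.I | re.S)
# A statement that stops the script: exit; exit(); die; die('msg');
TERMINATOR = re.compile(r"(?:exit|die)\b\s*(?:\([^)]*\))?\s*;", re.I)
# Whitespace and PHP comments that may sit between the two statements
SKIP = re.compile(r"(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.S)


def find_unterminated_redirects(php_source):
    """Return 1-based line numbers of Location redirects not followed by exit/die.

    Heuristic only: it does not parse PHP, so a redirect wrapped in a helper
    function or terminated further down the control flow is not understood.
    """
    findings = []
    for match in REDIRECT.finditer(php_source):
        next_stmt = SKIP.match(php_source, match.end()).end()
        if not TERMINATOR.match(php_source, next_stmt):
            findings.append(php_source.count("\n", 0, match.start()) + 1)
    return findings


# The check as shown on this page (wrapped in <?php for the sample).
VULNERABLE = (
    "<?php\n"
    "if ($user_id == NULL || $security_key == NULL) {\n"
    "    header('Location: index.php');\n"
    "}\n"
)

# Constructed corrected form: same check, but the script stops after redirecting.
FIXED = (
    "<?php\n"
    "if ($user_id == NULL || $security_key == NULL) {\n"
    "    header('Location: index.php');\n"
    "    exit; // nothing below this line is rendered for unauthenticated users\n"
    "}\n"
)

if __name__ == "__main__":
    for name, source in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        lines = find_unterminated_redirects(source)
        print(f"{name}: redirect without exit on lines {lines}" if lines
              else f"{name}: all redirects terminate the script")
```

Run over every PHP file that performs a session check, a finding marks a page whose content is still generated for unauthenticated requests; the fix is the `exit;` shown in `FIXED`.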