FirstBlood-#1007Default Credentials
This issue was discovered on FirstBlood v3

On 2022-12-08, srb1mal Level 4 reported:

Title – Default credentials

I've attached 1 poc of the bug found.

Steps to reproduce -

  1. Go to the url -
  2. Try to login as default username & password as (admin) and you’ll see you’re logged in as admin.


Note-: Bugcrowd count this as P1 but I don't know if this was count as valid issue in FBV3.

Thanks and Regards, Srb1mal


Endpoint: /login.php

Parameter: username & password

Payload: admin

FirstBlood ID: 48
Vulnerability Type: Auth issues

The /drpanel/login.php endpoint contains weak credentials which allows users to access the admin panel (admin:admin)

Report Feedback


Creator & Administrator

Congratulations, you were the third user to report this finding, great work! And yes we treat this as a P1 issue :-) Sorry for the confusing emails you may of received for this submission, we were experiecing some issues