FirstBlood-#1007 — Default Credentials
This issue was discovered on FirstBlood v3
On 2022-12-08, srb1mal Level 3 reported:
Title – Default credentials
I've attached 1 poc of the bug found.
Steps to reproduce -
- Go to the url - https://3dacb3767446-srb1mal.a.firstbloodhackers.com/login.php
- Try to login as default username & password as (admin) and you’ll see you’re logged in as admin.
Note-: Bugcrowd count this as P1 but I don't know if this was count as valid issue in FBV3.
Thanks and Regards, Srb1mal
username & password
FirstBlood ID: 48
Vulnerability Type: Auth issues
The /drpanel/login.php endpoint contains weak credentials which allows users to access the admin panel (admin:admin)
Creator & Administrator
Congratulations, you were the third user to report this finding, great work! And yes we treat this as a P1 issue :-) Sorry for the confusing emails you may of received for this submission, we were experiecing some issues