FirstBlood-#1013 — Default credentials on login page
This issue was discovered on FirstBlood v3
On 2022-12-08, lumbridge7 Level 4 reported:
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
BugBountyHunter Membership
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles
Hello firstblood team!
Summary
Many web applications and hardware devices have default passwords for the built-in administrative account. Although in some cases these can be randomly generated, they are often static, meaning that they can be easily guessed or obtained by an attacker.
Additionally, when new users are created on the applications, these may have predefined passwords set. These could either be generated automatically by the application, or manually created by staff. In both cases, if they are not generated in a secure manner, the passwords may be possible for an attacker to guess or to brute force with a credentials wordlist such as https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials.
Steps to reproduce
- go to https://0a71d31af52a-lumbridge7.a.firstbloodhackers.com/login.php
- log in with the credentials admin:admin
- get access to the doctor dashboard
POC
Impact
Anyone is able to access the doctor dashboard with administrative privileges by guessing or burteforcing the credentials and the drId.
P1 CRITICAL
Endpoint: /login.php
Parameter: null
Payload: null
FirstBlood ID: 48
Vulnerability Type: Auth issues
The /drpanel/login.php endpoint contains weak credentials which allows users to access the admin panel (admin:admin)