FirstBlood-#1013 — Default credentials on login page
This issue was discovered on FirstBlood v3
On 2022-12-08, lumbridge7 Level 4 reported:
Hello firstblood team!
Many web applications and hardware devices have default passwords for the built-in administrative account. Although in some cases these can be randomly generated, they are often static, meaning that they can be easily guessed or obtained by an attacker.
Additionally, when new users are created on the applications, these may have predefined passwords set. These could either be generated automatically by the application, or manually created by staff. In both cases, if they are not generated in a secure manner, the passwords may be possible for an attacker to guess or to brute force with a credentials wordlist such as https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials.
Steps to reproduce
- go to https://0a71d31af52a-lumbridge7.a.firstbloodhackers.com/login.php
- log in with the credentials admin:admin
- get access to the doctor dashboard
Anyone is able to access the doctor dashboard with administrative privileges by guessing or brute-forcing the credentials and the drId.
FirstBlood ID: 48
Vulnerability Type: Auth issues
The /drpanel/login.php endpoint contains weak credentials that allow users to access the admin panel (admin:admin)