FirstBlood-#309Admin Panel Exposure by old credentials
This issue was discovered on FirstBlood v2

On 2021-10-25, newrouge Level 3 reported:

Hey, i found that although there is no credentials given this time but old credentials still work and leads to Admin Panel Exposure.


  1. GO to
  2. Enter credentials drAdmin - s2Wpx5zfUvlSZhspJ and you will have full admin panel access.

Thank you


P5 Informative

Endpoint: /login.php

Parameter: N/A

Payload: drAdmin : s2Wpx5zfUvlSZhspJ

Even though this issue has been accepted as valid, no FirstBlood ID has been set for this report.

Report Feedback


Creator & Administrator

Hi newrogue, this was something not intended for the event and we fixed it within an hour of launch so no Bug ID will be assigned but we won't reject also :)