FirstBlood-#324[COLLAB with isitbug] Old admin credentials still work
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-25, shreky Level 5 reported:

Summary

The old credentials given to the previous firstblood v1 are still working as before,while in the current policy its said:

 Credentials available
No credentials are available this time for FirstBlood v2.0.0 as we're still doing some testing on this.

Steps to reproduce

  1. drAdmin:s2Wpx5zfUvlSZhspJ on /login.php

Impact

Old credentials that were given on the previous hackevent are still working,however in the current scope there are no credentials given.

PoC -->

P5 Informative

Endpoint: -

Parameter: -

Payload: -

Even though this issue has been accepted as valid, no FirstBlood ID has been set for this report.

Report Feedback

@zseano

Creator & Administrator


Hi there, this was something not intended for the event and we fixed it within an hour of launch so no Bug ID will be assigned but we won't reject :)