FirstBlood-#358 Admin access is still possible
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-25, twsec Level 2 reported:

Hi, since all vulns were fixed and no credentials are available this time, I was still able to log in using the drAdmin and password from the previous event.

Not sure if I should report this, but here I am.

P5 Informative

Endpoint: /login/php

Parameter: just login

Payload: password from past event

Even though this issue has been accepted as valid, no FirstBlood ID has been set for this report.

Report Feedback

@zseano

Creator & Administrator


Accepted as informative.