FirstBlood-#358 — Admin access is still possible
This issue was discovered on FirstBlood v2
On 2021-10-25, twsec Level 2 reported:
Hi, since all vulns were fixed and no credentials are available this time,
![](https://res.cloudinary.com/bugbountynotes/image/upload/v1635174987/lxjayfd4ehilkgzpipw6.jpg)
i was still able to login using the drAdmin and password from previous event.
not sure if i should report this but here i am.
![](https://res.cloudinary.com/bugbountynotes/image/upload/v1635175084/x3tdea26lsxvejc3m5fm.jpg)
![](https://res.cloudinary.com/bugbountynotes/image/upload/v1635175266/q9gq177ixgrtntmub04r.jpg)
P5 Informative
Endpoint: /login/php
Parameter: just login
Payload: password from past event
Even though this issue has been accepted as valid, no FirstBlood ID has been set for this report.
Creator & Administrator
Accepted as informative.