Accessing the hidden admin portal with default credentials
Hey fellow hackers, hope you all are hacking well 😎!! This is another instance where I found a bug in a web application that granted me access to the admin portal with default credentials. You can read the previous one here.
This time, the target was a leading service provider in India. Having been its customer for quite some time now, I decided to give it a try and was fortunate enough to find a bug 😅.
Initial Reconnaissance
I started with subdomain enumeration and got 195 live subdomains.
I took an initial look at the subdomains one by one to see what functionality they might have, and came across one subdomain that landed on an Apache Tomcat default index page.
Next, when I tried to open Server Status and Manager App, it asked for a username and password.
I then tried a few default credentials, and admin:admin worked!!
I reported the finding with all the relevant details. I hope they take their security seriously and reply 🤞
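From the defender's side, the same weakness can be caught before it is exposed by auditing `tomcat-users.xml` for accounts that hold Manager or Host Manager roles with a guessable password. The sketch below is an added example, not part of the original write-up; the weak-password list and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Built-in Tomcat roles that open Manager App, Host Manager and Server Status.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}
# Assumption: a short, constructed list of guessable passwords for this audit.
WEAK_PASSWORDS = {"", "admin", "tomcat", "manager", "password", "changeit"}

def _local(tag):
    # tomcat-users.xml may declare xmlns="http://tomcat.apache.org/xml"; drop it.
    return tag.rsplit("}", 1)[-1]

def audit_tomcat_users(xml_text):
    """Return (username, roles, reason) for privileged accounts with weak passwords."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "user":
            continue
        # Older files use name= instead of username=.
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        exposed = sorted(roles & PRIVILEGED_ROLES)
        if not exposed:
            continue  # account cannot reach the management pages
        if password.lower() == name.lower():
            findings.append((name, exposed, "password equals username"))
        elif password.lower() in WEAK_PASSWORDS:
            findings.append((name, exposed, "password is on the weak list"))
    return findings

# Constructed sample, not taken from the target described in the post.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="admin" password="admin" roles="manager-gui,admin-gui"/>
  <user username="deploy" password="tomcat" roles="manager-script"/>
  <user username="ops" password="kV9!r2-constructed-example" roles="manager-status"/>
  <user username="app" password="app" roles="reports"/>
</tomcat-users>"""

if __name__ == "__main__":
    for name, roles, reason in audit_tomcat_users(SAMPLE):
        print(f"{name}: {', '.join(roles)} -> {reason}")
```

The check reads plaintext `password` attributes only; where the realm is configured to store digests, the stored hash will not match these comparisons and needs a separate review.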
If anyone knows how this bug can be used to show high/critical impact, please comment. Other than server details, I haven’t found anything very sensitive here, so if anyone knows how to take this further, do share.
Stay safe, stay informed, and keep coming back for more empowering insights.
Thank you for reading. Knowledge is power, so keep gaining!!