Super Admin panel without Credentials
2021-12-16 01:18:06 Author: infosecwriteups.com(查看原文) 阅读量:23 收藏

Rizwan_siddiqui

As-Salaam-Alaikum.

I am back with another writeup I hope you Guys are hunting and earning bounty. This Time I was able to access Super Admin panel without Credentials 😎 . let’s start

I was hunting vdp program let’s call it vdp.com. There is hug scope 82k subdomain after using httpx it come to 6k subdomain. I was just scrolling and checking each subdomain one by one after some time I just open this subdomain https://selectwifi.vdp.com. I have i one problem whenever i hunt on any program I always use burp in background To see how the url open and what change happen behind the seen I open that url and I see this login page.

Login page

login page

There is no signup page only login page is there . I just wait here and think what can I do here. I use waybackurls and gau nothing find . After that I use gospider tool they give me bunch of url some js file some css file i was just scrolling and found this url http://admin.selectwifi.vdp.com/dashboard-super.html i open that url and i see super Admin panel . But it redirect to me the login page after some time seeing burp suit and thinking why they redirect me to the login is there any validation on client side or on server side. After figuring it out . Tt validate on client side by js file which I found on gospider . I just simply disbale javascript in my browser And i am able to use full super Admin panel .there is lot more things like staff page announcement page that there I can make announcement for all staff members.

Raju.

文章来源: https://infosecwriteups.com/super-admin-panel-without-credentials-c2022a23bb35?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh