Unauthorized access to the admin panel via leaked credentials on the WayBackMachine
2023-5-1 16:5:49 Author: infosecwriteups.com(查看原文) 阅读量:16 收藏

Hello my friends, Today I want to talk about one of my admin panel bypass methods which leads me to easily bypass the admin panel.

In my pervasive write-up, I noticed the power of the Wayback Machine and how it helped me to discover the hidden endpoints and exploit an XSS on a famous bank, Here is the write-up:

So, Today I want to show you how to think out of the box and use this.

Let’s talk about the recon part, The program specified that the target.com domain was in scope, and after subdomains enumeration, I started fuzzing the directories of one of the subdomains and finally arrived at a specific path.

When you opened the desired path, a message was displayed requiring a username and password to access this path, which was received as a GET Base parameter.

I started searching Google and the Wayback Machine and GitHub and all the indexes, but I couldn’t find anything that pointed directly to this particular path in the target.com domain to maybe finds some sensitive information could be found.

While searching on Google, I came across some sites that seem to be using the source of the subdomain, but these domains were not in scope. To test I opened the directory in the out-of-scope domains. for one of them, my Wayback Machine extension was activated and some archived paths were detected.

I opened the archived paths and found a few usernames, passwords, and specific endpoints. I replaced them in the subdomain in scope and one of them worked correctly and I got access to the admin panel. Now I’m In.

Thank you for following me here, Don’t forget to follow me for more write-ups.

Twitter 🐦


文章来源: https://infosecwriteups.com/unauthorized-access-to-the-admin-panel-via-leaked-credentials-on-the-waybackmachine-55c3307141c6?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh