Admin access is still possible

FirstBlood-#358 — Admin access is still possible
This issue was discovered on FirstBlood v2

Even though this issue has been accepted as valid, no FirstBlood ID has been set for this bug & therefore it will not count towards unique bugs discovered. This may be because of the bug not working as intended and changes we made, something we do not consider an issue on BARKER, or the correct impact was not shown (For example only Open Redirect demonstrated when XSS was possible)

On 2021-10-25, twsec Level 2 reported:


Hi, since all vulns were fixed and no credentials are available this time, 

i was still able to login using the drAdmin and password from previous event.
not sure if i should report this but here i am.

This report has been publicly disclosed for everyone to view

P5 Informative

Endpoint: /login/php

Parameter: just login

Payload: password from past event

Even though this issue has been accepted as valid, no FirstBlood ID has been set for this report.

Report Feedback

@zseano

Creator & Administrator

Accepted as informative.

BugBountyHunter

Report Feedback

@zseano