Hello, my name is Alireza, and in this post I am going to explain how I discovered my first vulnerability in a private program and was able to access the admin panel.
The vulnerability is as follows:
In the registration/login section of the website the user had to enter their phone number or email; the web application then sent an OTP code to the user, and the user was authenticated by entering that code.
Since no restrictions were applied in this section, I was able to brute force the OTP code to enter the account of any user, but this was not the end of the work.
Then I started recon using the subfinder tool and I was able to discover 3 subdomains:
1. gitlab.site.com
2. admin.site.com
3. admin2.site.com
On gitlab.site.com the GitLab repository was public, and I could see the list of admins and their emails.
admin.site.com was a normal login page, but when I opened admin2.site.com with my user account, a welcome page was displayed without any login page. Although no controls or options were shown, it seemed that the web application determined our access level on this page using cookies, and I came up with an idea that was worth trying.
I entered the admin email that I had extracted from gitlab.site.com in the user login section and, after brute forcing the OTP code, I entered the admin account, which was no different from normal user accounts. But when I opened admin2.site.com, a complete control panel appeared!!!
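The root cause of both the user-account and the admin-account takeover above is the same: the OTP check accepted an unlimited number of guesses, so a six-digit code offers at most a million possibilities to walk through. The following is an added example, not code from the write-up or from the affected program, showing an OTP verifier with the controls that make this attack impractical: a per-challenge attempt counter that burns the challenge after a few wrong guesses, a short expiry window, single use, and a constant-time comparison. The `OtpService` class, the user identifiers and the constants are all constructed for this illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300   # challenge expires five minutes after issue
MAX_ATTEMPTS = 5        # wrong guesses allowed before the challenge is burned


@dataclass
class Challenge:
    code: str
    issued_at: float
    attempts: int = 0


class OtpService:
    """Issues and verifies one-time codes keyed by a user identifier
    (phone number or email). Hypothetical service for illustration only."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                      # injectable clock for testing expiry
        self._challenges: Dict[str, Challenge] = {}

    def issue(self, user_id: str) -> str:
        # Code from a CSPRNG, zero-padded to OTP_DIGITS; a real service would
        # deliver it out of band (SMS/email) rather than return it to the caller.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._challenges[user_id] = Challenge(code=code, issued_at=self._now())
        return code

    def verify(self, user_id: str, submitted: str) -> str:
        ch = self._challenges.get(user_id)
        if ch is None:
            # Never issued, already used, expired, or locked: nothing to compare against.
            return "no_challenge"
        if self._now() - ch.issued_at > OTP_TTL_SECONDS:
            del self._challenges[user_id]
            return "expired"
        ch.attempts += 1
        # Constant-time comparison so response timing does not leak matching prefixes.
        if hmac.compare_digest(ch.code.encode(), submitted.encode()):
            del self._challenges[user_id]    # single use: the code cannot be replayed
            return "ok"
        if ch.attempts >= MAX_ATTEMPTS:
            # Burn the challenge. Even the correct code now fails until a new one is
            # requested, which caps an attacker at MAX_ATTEMPTS guesses per challenge.
            del self._challenges[user_id]
            return "locked"
        return "wrong"


if __name__ == "__main__":
    svc = OtpService()
    code = svc.issue("user@example.com")     # constructed identifier
    for guess in ["000000", "111111", "222222", "333333", "444444"]:
        print(guess, "->", svc.verify("user@example.com", guess))
    print("real code after lockout ->", svc.verify("user@example.com", code))
```

With the counter in place, a guess has at most a 5 in 1,000,000 chance per issued challenge, and each new challenge is only issued on an explicit request that can itself be rate limited per identifier and per source IP. Logging the "locked" outcome is also a cheap detection signal: a burst of locks across many identifiers is exactly what an OTP enumeration attempt looks like from the server side.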
I was confused!!
Thank you for reading this write-up, I hope you enjoyed it.
Best wishes to you, Rogxoor