How do I found Critical Bug in 5 Minutes
Hi Friends!
This is my 16th blog on web application security penetration testing. In this blog I will explain how I was able to find Critical Bug in 5 minutes in a private program. In my last blog, I have explained about Authentication Bypass via response manipulation. Hope you people liked it. If you haven’t read it yet please follow along.
I was hunting in one of the private program. After performing some R&D I have decided to brute force file path. You can use several tools to do it like,
- DIRB.
- Dirbuster.
- Wfuzz.
- Metasploit.
- Dirserach
Below is the simple POC of step by step exploitation.
- After brute-forcing found Axis2 Administration Console.
2. I have simply googled Axis2 Administration Console default credentials.
3. Tried Login with default credentials which is,
Username: admin
Password: Axis2
Boom!
Logged in successfully with default credentials as shown in below screenshot.
Impact:
It leads to account takeover to admin user and compromised the whole security of the resources accessible to admin user. Admin can upload services also can be able to activate or deactivate services.
Recommendation:
It is recommended to remove or change default credentials for admin portal as well as disable admin portal for public users.
References:
Please do like and follow for more reads!
Thanks!
