- Default software configurations for the admin console of a webapp:
  https://www.target.com/admin
  https://www.target.com/admin-console
  https://www.target.com/console
  https://admin.target.com
  https://admin-console.target.com
  https://console.target.com
- When the admin console login page is served by a third-party service, just search Google for that service's default credentials.
- Third-party service URLs are of the format: https://target..com/login
- Some examples are Okta, WP, etc.
- This bypass is used when you are forbidden from accessing the admin login page.
- We use header injection for this bypass:
  X-Original-URL: /admin
  or X-Rewrite-URL: /admin
- Use this header under the Host header.
- Use Burp to capture the request, then check the response.
- https://hackerone.com/reports/192074
- https://hackerone.com/reports/174883
- https://hackerone.com/reports/398797
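The following is an added example, not code from the original notes or from any of the reports above. It models the two pieces the override-header bypass relies on: an edge rule (proxy or WAF) that blocks /admin by looking only at the request line, and a backend that lets X-Original-URL or X-Rewrite-URL replace the routed path. The hardened resolver and the header-stripping function show the fix, and flag_override_headers shows what a detection would log. The Request class, the header set and the sample requests are constructed for illustration.

```python
# Added example (not part of the original notes): vulnerable vs. hardened handling of
# path-override headers, plus the detection and edge mitigation a defender would add.
from dataclasses import dataclass, field

# Header names a misconfigured backend treats as path overrides (compared case-insensitively).
OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")
# Paths the edge is supposed to keep unreachable (taken from the list in these notes).
RESTRICTED_PREFIXES = ("/admin", "/admin-console", "/console")


@dataclass
class Request:
    path: str                                   # path from the request line, e.g. "/"
    headers: dict = field(default_factory=dict)  # raw headers as sent by the client

    def lower_headers(self):
        """HTTP header names are case-insensitive; normalise once for lookups."""
        return {k.lower(): v for k, v in self.headers.items()}


def is_restricted(path):
    return path.startswith(RESTRICTED_PREFIXES)


def edge_allows(req):
    """Misconfigured edge rule: decides on the request-line path only, never on headers."""
    return not is_restricted(req.path)


def resolve_path_vulnerable(req):
    """Backend that honours override headers from any client: this is the bypass condition."""
    h = req.lower_headers()
    for name in OVERRIDE_HEADERS:
        if name in h:
            return h[name]
    return req.path


def resolve_path_hardened(req):
    """Backend that never routes on client-supplied override headers."""
    return req.path


def strip_override_headers(headers):
    """Edge mitigation: drop override headers before forwarding to the backend."""
    return {k: v for k, v in headers.items() if k.lower() not in OVERRIDE_HEADERS}


def serve(req, resolver):
    """Edge check first, then the backend routes on whatever path the resolver returns."""
    if not edge_allows(req):
        return "403 blocked at edge"
    if is_restricted(resolver(req)):
        return "200 admin console"
    return "200 public page"


def flag_override_headers(req):
    """Detection: (header, target) pairs a request uses to override its path; alert on any."""
    h = req.lower_headers()
    return [(name, h[name]) for name in OVERRIDE_HEADERS if name in h]


if __name__ == "__main__":
    # Constructed request: request line asks for "/", header asks the backend for /admin.
    probe = Request("/", {"X-Original-URL": "/admin"})
    print(serve(probe, resolve_path_vulnerable))   # 200 admin console
    print(serve(probe, resolve_path_hardened))     # 200 public page
    print(flag_override_headers(probe))            # [('x-original-url', '/admin')]
```

The edge rule is not wrong on its own; the bypass exists only because the backend trusts a routing decision that arrives in a client-controlled header. Either change closes it: have the backend ignore the headers (resolve_path_hardened), or strip them at the edge (strip_override_headers). Logging the pairs returned by flag_override_headers gives a cheap signal that someone is probing for exactly this misconfiguration.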
- https://www.owasp.org/index.php/Testing_for_default_credentials_(OTG-AUTHN-002)
- https://www.owasp.org/index.php/Testing_for_Default_or_Guessable_User_Account_(OWASP-AT-003)