33

Just found an admin portal online. There was a modal asking for password, but in background the portal was visible. ctrl + shift + i and then closed the modal.

Voila, the whole portal and actions are accessible. Seriously, who develops things like these?

I am pretty sure it's vulnerable to sqli and xss too.

Comments
  • 7
    I secretly hope that they do that on purpose as a little prize for the people who get past it.
  • 8
    Push sqlmap & metasploit on it, going full hail Mary.

    Who knows, you might just gets a nice reverse shell..

    :p

    Disclaimer: I cannot be held responsible nor affiliated with any damage this may cause.
  • 1
    @lotd why would I need a reverse shell. I won't even touch that server with a ten foot pole. If I found the vulnerability, someone would have found and exploited it too. And God knows what malware or logic bomb that attacker might have planted...
  • 1
    @abhi-inc duno.

    Could be a good guy & report it to em..
    Hope they don't file a case in you for attacking you.. Lol.
  • 4
    Well.. VPN, VM and a snapshot with Kali and you're good to go
    Tor is probably better tough
    Same thing as @lotd, this is just for educative purpose, if you do something illegal, don't blame me thanks
  • 8
    @lo98be There should be an "Illegal shit" lisence for that so you wouldn't have to type it out every time

    Disclaimer: If you create this lisence and it doesn't hold and still gets you in trouble then I'm not responsible.
  • 1
    @Froot hahaha... People want to automate and skip everything...
  • 0
    @abhi-inc not people, WE want it
Add Comment