Sep 21, 2021
CVE-2021-36560
Authentication Bypass of The Admin Panel. 👨🏼💻 Discovered by Pratik Khalane 📄 Vulnerable version: 1.0 🔗 Vendor Homepage: https://www.sourcecodester.com/ Bug Description: An attacker can easily bypass the login page to get into the dashboard of the admin panel. Steps to Reproduce: 1. Go to the admin panel of the online SMS login page. 2. Now there are 2 ways by which you can bypass the…
Bugbounting · 2 min read

Published in InfoSec Write-ups · Jul 21, 2021
Unauthenticated Access To MongoDB Database of Oracle Corporation
Hello everyone, today I will be talking about one of the critical bugs which I found in the Oracle Corporation. Now, let’s start with the recon process. Step 1: 1) There are multiple tools by which you can get subdomains, a few of them are given below… i) Findomain ii)…
Unauthenticated · 2 min read

Jun 21, 2021
CVE-2021-35336
Use of Default Credentials to Unauthorised Remote Access of Internal Panel of Tieline. 👨🏼💻 Discovered by Pratik Khalane 📝 Published on 01/07/2021. 📄 Vulnerable version ≤ 2.6.4.8 🔗 Vendor Homepage: https://tieline.com/gateway/ CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35336 Bug Description: A vulnerability in the Tieline Web Administrative Interface on version 2.6.4.8 and below could allow an unauthenticated remote user to access a sensitive part of the system with a high privileged account.
2 min read

Published in InfoSec Write-ups · Jun 15, 2021
How I was able to bypass the admin portal by using the default credentials in BBC Corporation.
Hello everyone, today I will be talking about one of the critical bugs which I found on the BBC website, which is bypassing the admin portal using the default credentials. Now, let’s start with the recon process. Step 1: 1) There are multiple tools by which you can get subdomains…
3 min read

Published in InfoSec Write-ups · Jun 11, 2021
How I was able to bypass the admin panel without the credentials.
This is my first article and I hope you guys will surely learn something new. Since I am not allowed to disclose the information about the company, let’s assume it as example.com. The main domain was the only scope to test for finding vulnerabilities. Now let's jump into the bug…
Vulnerability · 5 min read