Sep 21, 2021

Authentication Bypass of The Admin Panel.

👨🏼‍💻Discovered by Pratik Khalane

📄Vulnerable version: 1.0

🔗Vendor Homepage:

Bug Description:

An attacker can easily bypass the login page to get into the dashboard of the admin panel.

Steps to Reproduce:

1. Go to the login page of the online SMS admin panel.

2. There are two ways to bypass the page:

i) Using tools: Brute-force the directories using the DirBuster wordlist. This reveals a dashboard.php page that leads to the admin panel very easily.

ii) Without using tools:

Step 1: Press Ctrl + U to view the website source code.

Step 2: As you can see, the form action points to the Exlogin.php page.

Step 3: As you can see, this gives us a location that we can attempt to visit to bypass the admin panel.
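The fix for this class of bug is a server-side session check on every admin page. The following is an added example, not the application's own code: it assumes dashboard.php is reachable because it never verifies an authenticated session, and the names auth_guard.php, require_admin(), admin_id, login.php and render_dashboard() are hypothetical.

```php
<?php
// auth_guard.php (hypothetical file name): include at the top of every admin page.
declare(strict_types=1);

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Harden the session cookie before the session starts.
        session_set_cookie_params([
            'httponly' => true,
            'secure'   => true,      // assumes the panel is served over HTTPS
            'samesite' => 'Strict',
        ]);
        session_start();
    }

    // 'admin_id' is a hypothetical session key that the login handler sets
    // only after the submitted credentials have been verified.
    if (empty($_SESSION['admin_id'])) {
        // 'login.php' is a hypothetical name for the login page.
        header('Location: login.php', true, 302);
        // Without exit the rest of the page is still rendered and sent in
        // the body of the redirect response, so the check protects nothing.
        exit;
    }
}

// --- dashboard.php, before (constructed): no check, any visitor gets the page ---
// <?php
// render_dashboard();

// --- dashboard.php, after (constructed): guard runs before any output ---
// <?php
// require __DIR__ . '/auth_guard.php';
// require_admin();
// render_dashboard();
```

The guard has to be called from every page behind the login, not only the dashboard, since any page that is reachable by URL can be requested directly.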





