I am getting bored in my room, so I think it would be better to write something about bug bounty.
I found this vulnerability on one of Nokia's services (Keycloak) several weeks ago.
Beginning of the hunting
"sublist3r" > "one of my favourite scripts" (that work together, e.g. aquatone + knockpy) > "webscreenshots"
I gathered basic information for all the subdomains!
Now it's time to check the front ends of the interesting subdomains!
Saw a few, but nothing special.
Then I found this: http://wifi.dev.nokia.com/
It seems interesting to me because it looks like a developer portal or something.
The next thing that made it more interesting is the "Administrator Console".
The admin panel URL was http://wifi.dev.nokia.com/auth/admin/
The 1st attempt was admin:admin and the 2nd was admin:password.
It took a few seconds to redirect me to the admin panel and I was like wwooww :v
The vulnerability has been fixed, but I was unlucky to report it before someone else!
2 Comments
Go Ahead Haecks
bruh