Easy Admin Access — RVDP
Accessing the hidden admin portal with default credentials
So, recently I was in the mood for finding bugs on a company site that has an RVDP. I found a target through a simple Google search and started working on it. Now, jumping straight into how I found this.

Initial Reconnaissance
Initially, I examined the company’s main website, looking at every page and link to identify any obvious security flaws. However, after looking at the primary domain, I got nothing worthwhile. It seemed that the company had taken significant measures to protect their primary domain. So I decided to expand the scope further and, using my bash one-liner, I enumerated subdomains passively. I found a bunch of subdomains; then, using httpx, I checked which of them were live and found 11 active ones.

I checked a few subdomains from the top of the list and then moved on to the staging.redacted.com subdomain.
Hacking The Subdomain
When I initially tried to access the subdomain, it threw a pop-up asking for a username and password.

Next, I tried to access it directly by IP, but that didn’t work either; it gave a not-found error.

After this, I looked for open ports on the IP using Nmap. I got a few open ports, and one of them caught my attention. When I accessed the IP on that port over HTTP, it landed on an employee management portal.

So this was a third-party service the target was using; when I checked on the internet, Easy Time Pro is used for attendance and inventory management. As seen here, there are two different sign-ins, one for admin and another for employee login.
I tried the default credentials on the admin portal and simply got admin access 🐧!
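As an added, defender-side example that is not part of the original post: the scenario above (a password prompt on the vhost, but the same host reachable by bare IP on another port with its own admin login) leaves a recognisable trace in web server access logs. The script below runs over constructed log lines; the vhost-prefixed log format, the 198.51.100.20 address, port 8085, the corporate IP ranges and the /admin/login path are all assumptions, not values from the post.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in an assumed vhost-combined format:
# "<host:port> <client> - - [<time>] "<request>" <status> <bytes>"
# 198.51.100.20 stands in for the staging host's IP, 8085 for the extra open port.
SAMPLE_LOG = """\
staging.redacted.com:443 203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET / HTTP/1.1" 401 0
staging.redacted.com:443 203.0.113.7 - - [10/Mar/2024:10:01:09 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20:8085 203.0.113.7 - - [10/Mar/2024:10:05:40 +0000] "GET /admin/login HTTP/1.1" 200 2048
198.51.100.20:8085 203.0.113.7 - - [10/Mar/2024:10:05:51 +0000] "POST /admin/login HTTP/1.1" 302 0
198.51.100.20:8085 10.0.0.5 - - [10/Mar/2024:10:07:00 +0000] "POST /admin/login HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)
# Assumed corporate ranges; any other client is treated as external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False

def is_internal(client):
    return is_ip(client) and any(ip_address(client) in net for net in INTERNAL_NETS)

def find_suspicious(log_text, admin_path="/admin/login", expected_ports=(80, 443)):
    """Flag 'vhost-bypass' (admin path reached by bare IP on a port the vhost auth
    never covered) and 'external-admin-login' (302 after POST to the login from outside)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not match the assumed format
        port, status = int(m["port"]), int(m["status"])
        if is_ip(m["host"]) and port not in expected_ports and m["path"].startswith(admin_path):
            findings.append(("vhost-bypass", m["client"], port, m["path"]))
        if (m["method"] == "POST" and m["path"] == admin_path and status == 302
                and not is_internal(m["client"])):
            findings.append(("external-admin-login", m["client"], port, m["path"]))
    return findings
```

On the sample data the two requests by bare IP on port 8085 and the redirect after the external POST are reported; the internal 10.0.0.5 login is only reported for reaching the portal outside the vhost.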

Find another similar finding here.
Update: It's been almost a month now since I reported the bug to their team, and even though they have a public RVDP, they haven’t responded to me with even an acknowledgement after my 2 reminders. This is what discourages security researchers from reporting bugs to an RVDP, no matter how critical the bugs are. But let’s keep hacking, that’s what our job is!!!
Stay safe, stay informed, and keep coming back for more empowering insights.
Thank You for reading. Knowledge is power, so keep gaining!!