[COLLAB with isitbug] Old admin credentials still work

FirstBlood-#324 — [COLLAB with isitbug] Old admin credentials still work
This issue was discovered on FirstBlood v2

Even though this issue has been accepted as valid, no FirstBlood ID has been set for this bug & therefore it will not count towards unique bugs discovered. This may be because of the bug not working as intended and changes we made, something we do not consider an issue on BARKER, or the correct impact was not shown (For example only Open Redirect demonstrated when XSS was possible)

On 2021-10-25, shreky Level 4 reported:


        Summary
The old credentials given to the previous firstblood v1 are still working as before,while in the current policy its said:
 Credentials available
No credentials are available this time for FirstBlood v2.0.0 as we're still doing some testing on this.
Steps to reproduce

drAdmin:s2Wpx5zfUvlSZhspJ on /login.php

Impact
Old credentials that were given on the previous hackevent are still working,however in the current scope there are no credentials given.
PoC -->

This report has been publicly disclosed for everyone to view

P5 Informative

Endpoint: -

Parameter: -

Payload: -

Even though this issue has been accepted as valid, no FirstBlood ID has been set for this report.

Report Feedback

@zseano

Creator & Administrator

Hi there, this was something not intended for the event and we fixed it within an hour of launch so no Bug ID will be assigned but we won't reject :)

BugBountyHunter

Summary

Steps to reproduce

Impact

Report Feedback

@zseano