Accessing the domain “https://redacted.com”, nothing important was shown, just a web page like any other, so no evidence is needed.
Navigating to “https://redacted.com/administration/login”, as expected, an admin login form was shown. Nice !! :
Some login attempts were made with default credentials like admin/admin, but without success:
While taking a look at the content of the “admin-login.js” file, the following line caught my attention:
That line was checking whether an item called “token” with the value “loggedadmin” exists in localStorage; if it does, the application redirects to “/administration/app”. That easy ??.
Then I went to the browser's “developer tools” and created that item:
After reloading the application, it redirected to “/administration/app” and access to the internal application as “admin” was granted, showing information from “customers” and “orders”:
The vulnerability was fixed and a humble reward was received !!! .
Sometimes we get frustrated with some websites and skip over things that are very valuable, so remember to check everything.
I hope you liked it.
“Don’t give up, great things take time.”