How I got $300 for Default Credential Login at Bugcrowd
Bug Bounty Writeups
Cyberbeat
Dec 12, 2023
Hi everyone, it’s cyberbeat again! Today I’m here to tell you about a very easy bug that I found, which will hopefully help motivate you to find more bugs.
So there was a target that I was hacking on, and I was using Shodan to look for vulnerabilities. Oh, by the way, Shodan is a search engine specifically designed for internet-connected devices and systems. Unlike traditional search engines that index web content, Shodan indexes information about devices on the internet. It’s often referred to as a “search engine for hackers” because it can be used to find devices and systems that may have security vulnerabilities. I specifically use this to find vulnerabilities in the target that I’m trying to hack.
Back to the story: I figured out an IP that was pointing to the target. The Shodan link looked something like www.shodan.io/host/xx.xx.xx.xx. Upon further investigation, I ran a port scan and found out that on one of the ports, 8855, there was a login panel (https://xx.xx.xx.xx:8855/site). I wanted to bypass the admin panel to gain access, so I tried SQLMap, which failed. It didn’t click in my mind, but suddenly when I tried admin/admin it…