writeups.xyz / Bypassing a login page and getting full admin access on an internal training platform

Submitter : c2a

Date: 28 February 2024

Bounty : undisclosed

Vulnerabilities :

• Authentication Bypass
• Broken Access Control
• HTTP Response Manipulation
• Directory Listing

Programs :

• Undisclosed

Authors :

• LS (@Loupreme_)

Link :
https://medium.com/@l_s_/bypassing-a-login-page-and-getting-full-admin-access-on-an-internal-training-platform-ff5abd88135e