Tricky (NooB) Way to Find & Accessed Admin PaneL…🤪

Hello All,

I’m back again with a new write up..
Again this article is about Admin Panel Access..( This is my 3rd writup on admin Access) 🤩😅

So let's start,
Consider company name as target.com.

So here i'm disclosing some secret tools which i never shared before.😅

Using this tool I found 3 DNS zone transfer vulnerability and was also rewarded for this issue.

https://github.com/davidpepper/fierce-domain-scanner

I just run this tool and few minutes later got subdomains list..

After that, opened first 4 subdomains in browser and read source code for all these websites but nothing intresting found...😀

But one of the subdomains attracts me because the subdomain was just a single page which was look like a static website.. But i was wrong..🤪

I'm a lazy person..😂 I don't do anything manually... So again i run my secret tool :- Dirhunt ♥️

Dirhunt is great tool response time is also good...♥️

I just run Dirhunt on "https://target.com/"
After 5 seconds later i found some hidden dir. ( Login Panel )

I just open this dir. 🤪 And i was like, Wew there is a Admin Login option... ( Inner me :- abhi majja aayega na bhidu..😂🤣)

Now there is simple text on this page "Login as Admin" i thought after i click on this link admin login page will pop-up... I was again wrong..😂

But there was no login page. When I click on this link, I enter directly in the admin panel...😎♥️

Quickly I made a video poc and reported it to the security team..
They fixed the issue within few minutes.😋

In one day :-
Reported > Fixed within few minutes > bounty received on same day...♥️😃

I hope you enjoyed this article and i apologize for my weak English if there is any mistakes in this post.😅

Thanks for reading my article, 😁
Stay home... Stay safe..😏
have a great day...🙂