Security Misconfiguration
Default Credentials leading to Admin Portal Access.
Many web applications and hardware devices have default passwords for the built-in administrator account. Although these can be randomly generated, they are often static, meaning they can be easily guessed or obtained by an attacker.
Additionally, when new users are created on the applications, these may have predefined passwords set. These could either be generated automatically by the application or manually created by the staff. In both cases, if they are not developed securely, the passwords may be possible for an attacker to guess.
How I was able to identify this vulnerability?
The application had a wide scope range, I simply did a subdomain discovery and found a domain which is using GeoServer.
I did some recon about GeoServer and what I have done is to do a content discovery using “dirsearch” I was able to identify an endpoint which was asking me to log in “/org.geoserver.web.GeoServerLoginPage”
I tried googling for default credentials, and I tried giving these to my surprise they did work and I was able to login into the admin portal