All Projects

ID Status Summary Opened by
 65 Closed Unauthorized Access to Admin Page via Exposed Credentia ...roneil Task Description

Good day Team,
This is Unauthorized Access to Admin Page via Exposed Credentials on GitHub

- admin.alwaysdata.com

Summary:
Sensitive credentials for an admin account were found exposed on a public GitHub repository. Using these credentials, an attacker can gain unauthorized access to the admin page of phpmyadmin.alwaysdata.com.

Description:
Credentials for an admin user were discovered using a Google dork on GitHub. The dork revealed an admin username and password that allowed access to the admin page of phpmyadmin.alwaysdata.com.

Steps to Reproduce:

1. Go to GitHub and use the search dork: "admin.alwaysdata.com" password.
2. Identify a public repository containing the admin username and password.
3. Navigate to https://phpmyadmin.alwaysdata.com/.
4. Use the discovered credentials to log in.
5. Observe that you have successfully logged in as an admin user.

Proof of Concept: https://drive.google.com/file/d/12dmKXf-6hwk-VZdozGl2FyvsbiVjDZA6/view?usp=sharing

Impact:
Unauthorized access to sensitive data and administrative functionalities.

Showing tasks 1 - 1 of 1 Page 1 of 1

Available keyboard shortcuts

Tasklist

Task Details

Task Editing