mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 10:26:11 +00:00
Added default credential
This commit is contained in:
parent
f82c55f9f5
commit
5c6916174a
2
.github/FUNDING.yml
vendored
2
.github/FUNDING.yml
vendored
@ -1,2 +0,0 @@
|
||||
# These are supported funding model platforms
|
||||
custom: paypal.me/md15ev
|
17
Misc/Default Credentials.md
Normal file
17
Misc/Default Credentials.md
Normal file
@ -0,0 +1,17 @@
|
||||
# Default Credentials
|
||||
|
||||
## Introduction
|
||||
A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings.
|
||||
|
||||
## How to find
|
||||
1. Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana
|
||||
2. Find the admin login
|
||||
3. Find the information about default credential using repositories below
|
||||
|
||||
## Useful Repositories
|
||||
- [@ihebski](https://github.com/ihebski/DefaultCreds-cheat-sheet)
|
||||
- [@many-passwords](https://github.com/many-passwords/many-passwords)
|
||||
|
||||
## References
|
||||
- [OWASP 04-Authentication Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials)
|
||||
- [HackerOne #398797](https://hackerone.com/reports/398797)
|
Loading…
Reference in New Issue
Block a user