Added default credential

pull/9/head
daffainfo 2022-09-21 20:22:58 +07:00
parent f82c55f9f5
commit 5c6916174a
3 changed files with 17 additions and 2 deletions

2
.github/FUNDING.yml vendored

@ -1,2 +0,0 @@
# These are supported funding model platforms
custom: paypal.me/md15ev
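Review bot: Deleting .github/FUNDING.yml is unrelated to the commit subject "Added default credential" and is not mentioned in it. Suggest moving the deletion to its own commit, or naming it in the message, so the history shows why the funding link was dropped.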


@ -0,0 +1,17 @@
# Default Credentials
## Introduction
A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings.
## How to find
1. Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana
2. Find the admin login
3. Find the information about default credential using repositories below
## Useful Repositories
- [@ihebski](https://github.com/ihebski/DefaultCreds-cheat-sheet)
- [@many-passwords](https://github.com/many-passwords/many-passwords)
## References
- [OWASP 04-Authentication Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials)
- [HackerOne #398797](https://hackerone.com/reports/398797)
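Review bot: The Introduction scopes the issue to "a computing device", but step 1 of How to find is about the "CMS / Software is used by the website", so the definition should be widened to cover software and web applications. Step 1 is also missing a word ("Find out what type of CMS / Software is used by the website"). The list stops at looking up the credential. A closing line on what to recommend when a default login is still active, such as changing or disabling the default account, would make the page useful to whoever receives the report. Under Useful Repositories both links are labelled as @ handles, although the second URL's owner and repository are both many-passwords. Labelling the links by repository name would read more clearly.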