Brave Software: Brave: Admin Panel Access

ID H1:175366
Type hackerone
Reporter ranjith16
Modified 2017-08-10T05:11:23


Steps to reproduce

While browsing through the, it is getting redirected to an admin login panel.

Consequence

An attacker can easily enumerate this admin panel with the URL such as and with a brute force attack this can be bypassed, but I didn't do that. If a known vulnerability exists, there can be chances of even taking over the subdomain.


It's recommended to give custom directory names instead of easily guessable names such as "admin" for such sensitive directories.

Please find the attached screenshots.