While doing some recon for railto sub-domains, I came across a most critical bug which gives me complete access to https://staging.railto.com. I can add anything and remove anything, as I got ADMIN-level privilege.
- Go to the https://staging.railto.com/admin URL.
- Set username as admin and password as password to log in to the admin page. Since the password is too easy to guess, I was like what... after finding this bug.
- If unauthorized people got this bug then they could use it in a bad way.
I didn't want to move forward because I am not an admin of this page and I don't want you guys in trouble. If it is not enough then I will provide a detailed PoC.
Admin of the page is simple enough.