hi :D
this my write up about my bug I've found on ibm.com, while I'm searching on subdomains, I found gitlab repo on for.example.ibm.com
And Leak of Database Credentials at config.json
"db_user":"blabladmin",
"db_password":"15616124IJG_EXAMPLE_",
"db_host":"admin.example.ibm.com",
"db_port":50001",
db_schema":"MYDB_EXAMPEL",
"db_name":"DB"
By Logging with the following credentials "blabaladmin":'15616124IJG_EXAMPLE_'
you will have access to the database as Administrator
here i can delete/add users
upload files to database
impact :
Access IBM Database, Delete Tables, Add Users, Upload Files, Run SQL Statements at SQL Editor
Resolved :)
Comments
Post a Comment