Hardcoded credentials
One of the deadly sins of developers is to hardcode backdoor information within a compiled application. The following screenshot discloses the backdoor username and password left behind by the developers, perhaps to diagnose an issue or for a similar purpose.
Now, if you use the username customerservice with the password Acc0uNTM@n@g3mEnT, you will see an additional option to Manage Users:
Note
If the customercare user is not available in the database, you may log in as androidguy93 with the password goatdroid.
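A pre-release audit can catch this class of mistake before the application ships. The following is an added example, not code from the book or from the application it tests: it scans Java source (original or decompiled) for string literals assigned to or compared against credential-named identifiers. The keyword list, the sample class and every value in it are constructed for illustration.

```python
import re

# Assumed naming convention: identifiers containing these words hold credentials.
NAME = r"(?P<name>\w*(?:user|login|pass|pwd|secret|token)\w*)"
LIT = r'"(?P<lit>(?:[^"\\]|\\.)+)"'          # non-empty Java string literal
EQ = r"\s*\.\s*equals(?:IgnoreCase)?\(\s*"   # .equals( or .equalsIgnoreCase(

PATTERNS = [
    ("assignment", re.compile(rf"\b{NAME}\s*=\s*{LIT}", re.I)),   # pw = "x"
    ("comparison", re.compile(rf"\b{NAME}{EQ}{LIT}\s*\)", re.I)),  # pw.equals("x")
    ("comparison", re.compile(rf"{LIT}{EQ}{NAME}\s*\)", re.I)),    # "x".equals(pw)
]

def mask(literal):
    """Keep the first character and the length so the report does not leak the secret."""
    return literal[0] + "*" * (len(literal) - 1)

def scan(source):
    """Return (line, kind, identifier, masked literal) for each suspected hardcoded credential."""
    found = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):   # skip single-line comments
            continue
        for kind, rx in PATTERNS:
            for m in rx.finditer(line):
                found.append((lineno, m.start(), kind, m.group("name"), mask(m.group("lit"))))
    return [(ln, kind, name, lit) for ln, _, kind, name, lit in sorted(found)]

# Constructed sample: a login check with a leftover support account.
SAMPLE = '''public class LoginCheck {
    private static final String API_HOST = "api.example.test";
    private static final String SUPPORT_PASSWORD = "Example-Pw-123";
    boolean isSupportLogin(String username, String password) {
        // diagnostic account: password = "old-value"
        if ("support_admin".equals(username) && password.equals(SUPPORT_PASSWORD)) {
            return true;
        }
        String dbPassword = "";
        return username.equalsIgnoreCase("qa_tester");
    }
}'''

if __name__ == "__main__":
    for lineno, kind, name, literal in scan(SAMPLE):
        print(f"line {lineno}: {kind} of literal {literal} with '{name}'")
```

Each finding should be either removed or moved to server-side account management, because anything embedded in the package is recoverable by whoever holds the APK.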