URL :

https://admin.redacted.io/dashboards/home

Summary :

Admin panels are publicly accessible and anyone can login to this host . Access to internal data makes changes without admin authentication.

Steps To Reproduce:

1.First create an account on main domain as user.

2.Now move to Admin Panel URL which is mostly hosted on subdomains like.

https://admin.redacted.io/dashboards/home

3.As User direct Access to Admin Panel Successfully.

Remedy :

1.This subdomain should be accessible privately.
2.Restrict to direct access to admin panels via user account.

POC: