From: Michael William Jonathan
Date: Thu, 27 Apr 2023 14:53:39 +0700
Subject: Re: Another CF ticketing system vuln
To: Alviro Iskandar Setiawan
Cc: Ammar Faizi, "GNU/Weeb Mailing List"

I can't say anything else, KiosTix really has to re-generate all existing
tickets :v

--
Moe

On Thu, Apr 27, 2023 at 2:25 PM Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org> wrote:

> Hi,
>
> I found a new vulnerability.
>
> This one requires a bit of computational work, but still easy if you
> use your brain hard enough. Details in the attachment.
>
> gcc -Wall -O2 gwcfdump_v4.c -o gwcfdump_v4 -lpthread -lcurl -ljson-c;
> ./gwcfdump_v4;
>
> -- Viro