Re: gwcfd v3

[Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>]

On Tue, Oct 22, 2024 at 4:57 AM Louvian Lyndal wrote:
> Last night, I reported a glaring vulnerability in the CF ticketing
> system to ticket2u customer service. In return, they gifted me this
> brilliant response:
>
> "Hi. The link to view/download the ticket is only sent to the
> registered email during ticket purchase. Not all buyers create
> ticket2u accounts to make a purchase. If a guest account is used, it
> won’t be bound to a user account. Thank you."
>
> I even included a sample URL that anyone could access without login,
> but apparently, that's just how they like it-wide open and welcoming
> to all.

Can you give me a sample or the dump file?
How far does the vulnerability give you access to their system?

-- Viro