From: Alviro Iskandar Setiawan <[email protected]>
To: Louvian Lyndal <[email protected]>
Cc: Ammar Faizi <[email protected]>,
Michael William Jonathan <[email protected]>,
"GNU/Weeb Mailing List" <[email protected]>
Subject: Re: gwcfd v3
Date: Tue, 22 Oct 2024 05:29:47 +0700
Message-ID: <CAOG64qNm7kWQ829B-5jWZdVHWj=ypzgFgmS1F3KZp3rnMKYfPw@mail.gmail.com>
In-Reply-To: <CAP2ubgK1rLnUwjgA0m0ziBT1b0VVzjwRzEJG=84mQZZywirrww@mail.gmail.com>

On Tue, Oct 22, 2024 at 4:57 AM Louvian Lyndal wrote:
> Last night, I reported a glaring vulnerability in the CF ticketing
> system to ticket2u customer service. In return, they gifted me this
> brilliant response:
>
> "Hi. The link to view/download the ticket is only sent to the
> registered email during ticket purchase. Not all buyers create
> ticket2u accounts to make a purchase. If a guest account is used, it
> won’t be bound to a user account. Thank you."
>
> I even included a sample URL that anyone could access without login,
> but apparently, that's just how they like it - wide open and welcoming
> to all.

Can you give me a sample or the dump file?
How far does the vulnerability give you access to their system?

-- Viro