From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1682143383; bh=/+SOqNE1IGf4AdeYepF6MjgZl2eyUKP5Mqx5j8/KrYA=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=LGTtGjfT0iOOqq9k8dm62sElwLEsv2DxUVf4L425kYQvA97Ce6ELCy12gp6AJt9UB ApHzbooP/8+Vt8kF0is9UQi9Tfa+1TiOJ4EpAR51dVO9o9IbkJI1NU8Vb9o0VqsKMp AKaSo0NdJSgwO/d3VgAbTvWycHRFN/wSajl4Ysjhjb+xIM8jR+9sa3s9pRNGDHwBGM spzd9VYdgzlmSirsgskQJOtqInLsOpfl+ZwpHlFfoT2QIBC5yqbjciVCNZgqSy95lD Y5WY3kd5gykHAbY58m2an0p/V+9Qiju+z63pjebUZxpM0gHjbSXRHLh316AJGZ45d5 Wb3wXycTSg+0g== Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170]) by gnuweeb.org (Postfix) with ESMTPSA id BA15A2457C6 for ; Sat, 22 Apr 2023 13:03:03 +0700 (WIB) Received: by mail-lj1-f170.google.com with SMTP id 38308e7fff4ca-2a8bae45579so22172641fa.0 for ; Fri, 21 Apr 2023 23:03:03 -0700 (PDT) X-Gm-Message-State: AAQBX9dGcEfxyjb645yX/kaSvTYk6nOA96VHumFQuLv77gS36YUL336s +NN9EhMrI15EBJyUUZaOYWYSw8pJUpANI1Q1CSE= X-Google-Smtp-Source: AKy350bhzH0kYxk590FjnsZ+aLG9tCthzZfSe1M4Xvq0DlaR3NUVkim87rQCGNdxNAKZGagjLXctCr1za/TWF07zpRQ= X-Received: by 2002:a2e:91ce:0:b0:2a7:a5a4:b878 with SMTP id u14-20020a2e91ce000000b002a7a5a4b878mr1282749ljg.50.1682143381490; Fri, 21 Apr 2023 23:03:01 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Alviro Iskandar Setiawan Date: Sat, 22 Apr 2023 13:02:49 +0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: CF ticketing system is still vulnerable To: Ammar Faizi Cc: Michael William Jonathan , "GNU/Weeb Mailing List" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: On Sat, Apr 22, 2023 at 9:35=E2=80=AFAM Ammar Faizi wrote: > They just said they have fixed the vuln. Please verify that it's > actually fixed, then you can sleep well. Looks good to me. Now the endpoint returns {"success":false}. Acked-by: Alviro Iskandar Setiawan -- Viro