From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1682122204; bh=EnAM5tBpJXBRiD9kEe9OCbZzJcKtJZX7+iIaXIGE1OU=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=RsgIiniTd8lii4obkQ8kHy2AufxoU+WSCdIFBToLpaUDYPwGldGg6ZphlnbGgnJok 6gfqg8Jw/FCuAWN49kvY9FSWdPGslhfuzJM9hnm2XlfuI2wOwqltbHpNVqIsKOT+FG +wimaExilx910OtEHr8EZc08ijNP9n01wARVcWV77vRVb8qqHwHEe257No1yvsGPUr 92ASgAn6GSnHTjnI/41zccqRmPLkK1W0pj4DL18nMLbHlho8sbkIY3h/grZDMALtAl +hq7vZYpbKkND9bkZrIVUrUgz5XfeBGempqw2J+E7u+JmtkPkiGkA/U/bQ/2q/Wujp +Tky+HJKt8jnw== Received: from mail-lj1-f179.google.com (mail-lj1-f179.google.com [209.85.208.179]) by gnuweeb.org (Postfix) with ESMTPSA id 929AE245743 for ; Sat, 22 Apr 2023 07:10:04 +0700 (WIB) Received: by mail-lj1-f179.google.com with SMTP id 38308e7fff4ca-2a8aea2a654so21335591fa.1 for ; Fri, 21 Apr 2023 17:10:04 -0700 (PDT) X-Gm-Message-State: AAQBX9fzb0R0FBOwbTGIvtCR+vnSsq1OYJK0PMr+q+MBAfCch/Ay6lke 1SZ0DI80z97IkM+cIafF8R3aEDcuqCapLnpJRIQ= X-Google-Smtp-Source: AKy350Z3fsadlMK7uMfokCq5yd4lBWrErEePIU4c/MAKjJqhWtDs8nfkvBM778L2mFDYOZU2YEa6LbZTmhxinnBtnIo= X-Received: by 2002:a2e:8384:0:b0:299:2b6d:6e90 with SMTP id x4-20020a2e8384000000b002992b6d6e90mr1129316ljg.34.1682122202478; Fri, 21 Apr 2023 17:10:02 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Alviro Iskandar Setiawan Date: Sat, 22 Apr 2023 07:09:51 +0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: CF ticketing system is still vulnerable To: Ammar Faizi Cc: Michael William Jonathan , "GNU/Weeb Mailing List" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: On Sat, Apr 22, 2023 at 6:51=E2=80=AFAM Ammar Faizi wrote: > On Sat, Apr 22, 2023 at 6:42=E2=80=AFAM Alviro Iskandar Setiawan wrote: > > On Sat, Apr 22, 2023 at 6:21=E2=80=AFAM Ammar Faizi wrote: > > > On Fri, Apr 21, 2023 at 7:45=E2=80=AFAM Ammar Faizi wrote: > > > > On Fri, Apr 21, 2023 at 7:42=E2=80=AFAM Alviro Iskandar Setiawan wr= ote: > > > > > POC and sample attached. > > > > > > > > > > gcc -Wall -Wextra -O2 -ggdb3 gwcfd2.c -o gwcfd2 -lcurl -ljson-c -= lpthread; > > > > > ./gwcfd2; > > > > > > > > I'll address this ASAP. > > > > > > I sent your POC and sample to the KiosTix people yesterday. At first, > > > they didn't acknowledge the leak because they thought you leaked the > > > old tickets. > > > > Didn't they read the dump.txt file I sent? It looks new to me... Or > > maybe I am the one who ate their sweet honeypot this time? > > No, I don't think that's a honeypot. I just confirmed that my new > tickets that already use UUIDv4 are in your dump too. So it's legit; > they just didn't understand what you're trying to inform. Doubt, did you talk to a dev or a manager? I guess you were talking to a manager who doesn't understand the technical stuff behind this. -- Viro