From: Louvian Lyndal
Date: Tue, 22 Oct 2024 06:10:07 +0700
Subject: Re: gwcfd v3
To: Alviro Iskandar Setiawan
Cc: Ammar Faizi, Michael William Jonathan, "GNU/Weeb Mailing List"

On Tue, Oct 22, 2024 at 5:30 AM Alviro Iskandar Setiawan wrote:
> On Tue, Oct 22, 2024 at 4:57 AM Louvian Lyndal wrote:
> > I even included a sample URL that anyone could access without login,
> > but apparently, that's just how they like it - wide open and welcoming
> > to all.
>
> Can you give me a sample or the dump file?

You can find a BTB here:
http://dzi6vje7g62egwengyit3p42qp5a7xvgtivgplphpgykbz5ahc2sxcad.onion/

> How far does the vulnerability give you access to their system?

At worst, it's just dumping the tickets, but then we can extract the
user info from the invoice.

And didn't I mention the XML endpoint? That's where the magic happens.
It's like a buffet for file listings, just sitting there, waiting to be
harvested. That's the crown jewel of the whole operation if you want to
dump everything.

It's absolutely baffling that this vulnerability even exists in the
first place. It's not just a slip-up; it's a glaring oversight that
shouldn't happen in any serious system. Leaving something like this wide
open is basically inviting trouble - it's not just careless, it's
downright irresponsible.