* gwcfd v3
From: Louvian Lyndal @ 2024-10-21 21:57 UTC (permalink / raw)
  To: Ammar Faizi, Alviro Iskandar Setiawan, Michael William Jonathan
  Cc: GNU/Weeb Mailing List

Last night, I reported a glaring vulnerability in the CF ticketing
system to ticket2u customer service. In return, they gifted me this
brilliant response:

"Hi. The link to view/download the ticket is only sent to the
registered email during ticket purchase. Not all buyers create
ticket2u accounts to make a purchase. If a guest account is used, it
won’t be bound to a user account. Thank you."

I even included a sample URL that anyone could access without login,
but apparently, that's just how they like it: wide open and welcoming
to all.

Honestly, it seems the CF folks are doomed to repeat history. This
is the third time they've been dumped, and still, lessons go
unlearned.

The third time's the charm, right?


* Re: gwcfd v3
From: Alviro Iskandar Setiawan @ 2024-10-21 22:29 UTC (permalink / raw)
  To: Louvian Lyndal
  Cc: Ammar Faizi, Michael William Jonathan, GNU/Weeb Mailing List

On Tue, Oct 22, 2024 at 4:57 AM Louvian Lyndal wrote:
> Last night, I reported a glaring vulnerability in the CF ticketing
> system to ticket2u customer service. In return, they gifted me this
> brilliant response:
>
> "Hi. The link to view/download the ticket is only sent to the
> registered email during ticket purchase. Not all buyers create
> ticket2u accounts to make a purchase. If a guest account is used, it
> won’t be bound to a user account. Thank you."
>
> I even included a sample URL that anyone could access without login,
> but apparently, that's just how they like it: wide open and welcoming
> to all.

Can you give me a sample or the dump file?
How far does the vulnerability give you access to their system?

-- Viro


* Re: gwcfd v3
From: Louvian Lyndal @ 2024-10-21 23:10 UTC (permalink / raw)
  To: Alviro Iskandar Setiawan
  Cc: Ammar Faizi, Michael William Jonathan, GNU/Weeb Mailing List

On Tue, Oct 22, 2024 at 5:30 AM Alviro Iskandar Setiawan wrote:
> On Tue, Oct 22, 2024 at 4:57 AM Louvian Lyndal wrote:
> > I even included a sample URL that anyone could access without login,
> > but apparently, that's just how they like it: wide open and welcoming
> > to all.
>
> Can you give me a sample or the dump file?

You can find a BTB here:
http://dzi6vje7g62egwengyit3p42qp5a7xvgtivgplphpgykbz5ahc2sxcad.onion/

> How far does the vulnerability give you access to their system?

At worst, it's just dumping the tickets, but then we can extract the
user info from the invoice.

And didn't I mention the XML endpoint? That's where the magic happens.
It's like a buffet for file listings, just sitting there, waiting to
be harvested. That's the crown jewel of the whole operation if you
want to dump everything.

It's absolutely baffling that this vulnerability even exists in the
first place. It's not just a slip-up; it's a glaring oversight that
shouldn't happen in any serious system. Leaving something like this
wide open is basically inviting trouble: it's not just careless, it's
downright irresponsible.
