From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=scpJ=HC=gmail.com=louvianlyndal@gnuweeb.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org
X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,
	URIBL_DBL_BLOCKED_OPENDNS autolearn=no autolearn_force=no version=3.4.6
Authentication-Results: gnuweeb.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: gnuweeb.org;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=dFkAzWn9;
	dkim-atps=neutral
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.161.49; helo=mail-oo1-f49.google.com; envelope-from=louvianlyndal@gmail.com; receiver=<UNKNOWN> 
Received: from mail-oo1-f49.google.com (mail-oo1-f49.google.com [209.85.161.49])
	by gnuweeb.org (Postfix) with ESMTPS id 6747924BAAF
	for <gwml@vger.gnuweeb.org>; Tue, 21 Nov 2023 20:45:03 +0700 (WIB)
Received: by mail-oo1-f49.google.com with SMTP id 006d021491bc7-586ae6edf77so2737027eaf.1
        for <gwml@vger.gnuweeb.org>; Tue, 21 Nov 2023 05:45:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1700574303; x=1701179103; darn=vger.gnuweeb.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=PNbQmnCKHQ6ZW0924Q8Bsz2s1EOogT75RyM/ExqVzpU=;
        b=dFkAzWn932FXl2UXlh4NtLyki1yZT42VTMP8AwNxHCxMU1B9avP1hXjsupbzTSu2ig
         UsK36gRrzQbRIt6B/wK7po1ZohTYNgx9QwO/Ra8zOI9oFwOYiEjHyAVmIe4oifuxv2YY
         CADjdupIxfElEpjBRZRHgNV3OeaXQ4h1nBAFZGSmP4kihfUGB4S2MasVGc53K46i9jSD
         bxDzo9LZOHaPbZ9xzbjgYGAYeKx9nj9wLlkgKrvmTA3Nb1WfjPotDI55Nb+8LEYxwIlE
         DKtpz1zRljL3YdbIKrbmiL6k2B4zVKPaQO9Q2a+IhvPQp4OIMgkFnOzh5gta6YgQud1h
         Do6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1700574303; x=1701179103;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=PNbQmnCKHQ6ZW0924Q8Bsz2s1EOogT75RyM/ExqVzpU=;
        b=PGAQmFJ8TTDA0gM9Gc4sMETG7FOjiMj7/jjnSRW+n499aodV8PCp4dMQPC8x30C26u
         wIB2y1y1uJBWwXFj4uo2i8poYSQ9oruFMxBb7GtVvAoDIx1JpszsmMm8Ox5tEOHQh+3M
         U8xfVumght5dTV7kjWwWe+Vk+JM4qkYXG2aeeZr7yPBMmpW0EJu3JIHgeVh9Sc4UM/yU
         Yyk8+Y+1xj+c2CJ7/k67MT8kEE8zFSEtMBUpv/rhSqBC15Kza1m1GLXX0fpwCkS7Ewkb
         1qZwV9ywk0M4IRnrHmfcLRFMX3kAhL5Z/fApUaml1c5a23Jp3AGnOu0pq/OG0nZIwPWS
         +k7Q==
X-Gm-Message-State: AOJu0YzJ/wUmLIIVsfxWqwwJc4K47BNUS7ADU7Rn1RK6yDMtbSt1Sqoc
	6Sohg4RIMDAOpu/hsPHZFbtddzcGyzcB/FrQUvB4wQIXE1I=
X-Google-Smtp-Source: AGHT+IFYJ0H3s+90wjqJNH+C6VkegpaBIArXgFv6fv5GulC2tfsqPAvFNjgJIODsZ9hScPo3C78HACfDK7ZGN+fnO4o=
X-Received: by 2002:a05:6820:1613:b0:58a:9a06:690c with SMTP id
 bb19-20020a056820161300b0058a9a06690cmr8835755oob.0.1700574302959; Tue, 21
 Nov 2023 05:45:02 -0800 (PST)
MIME-Version: 1.0
References: <CAOG64qPJ1EOc0Q2r-yf4nM2dwvgt-6=TVumN9Yvaa_b+mXBKfw@mail.gmail.com>
 <CAP2ubgKewQt3pPq-=_Qhn=UkXkrRKjLP06NrB=3WvPHPs=KoXA@mail.gmail.com>
 <CAP2ubgLmQBwckvfMxO7y1DaTpVCTjSctNzRHCV58zZ5rc0KE+g@mail.gmail.com>
 <CAOG64qPTeo=BWuZ837YFCm_g+k3b8+T4QgopuDxPCcVoqhzhYg@mail.gmail.com>
 <CAOG64qPMDZVoq6Fyy0JCs+r=id6CU09Csxa8XcQ-nB+zpnSBDQ@mail.gmail.com>
 <CAP2ubg+MwpKqSf-jcmmGepc-Ln2YyhL_nB1GYLXExidfszN2rw@mail.gmail.com>
 <CAOG64qO4_KRgOGaXoZD2Rybu2_WEhBQ0nUfXZVra1eCHAH1t8w@mail.gmail.com>
 <CAP2ubgKrqFxrvhha6n3_=HfqmOG50P1a8XnMXzLbTJm7AiqkaA@mail.gmail.com> <CAOG64qNx7PWhiU+9fgBeKK-CdheZhsALsvcO5d8V0hmpmVdsLw@mail.gmail.com>
In-Reply-To: <CAOG64qNx7PWhiU+9fgBeKK-CdheZhsALsvcO5d8V0hmpmVdsLw@mail.gmail.com>
From: Louvian Lyndal <louvianlyndal@gmail.com>
Date: Tue, 21 Nov 2023 20:44:51 +0700
Message-ID: <CAP2ubgKBq2kg2oK3evLEBdwtHXMK=Nfuv8qMNhXRq4Ww2N4Ogg@mail.gmail.com>
Subject: Re: gwcfd v2?
To: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Cc: "GNU/Weeb Mailing List" <gwml@vger.gnuweeb.org>, "GNU/Weeb Facebook Team" <fb@gnuweeb.org>, 
	Ammar Faizi <ammarfaizi2@gnuweeb.org>, Michael William Jonathan <moe@gnuweeb.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <gwml.vger.gnuweeb.org>

On Tue, Nov 21, 2023 at 11:24=E2=80=AFAM Alviro Iskandar Setiawan wrote:
> On Tue, Nov 21, 2023 at 11:07=E2=80=AFAM Louvian Lyndal wrote:
> > On Tue, Nov 21, 2023 at 10:59=E2=80=AFAM Alviro Iskandar Setiawan wrote=
:
> > > On Tue, Nov 21, 2023 at 10:52=E2=80=AFAM Louvian Lyndal wrote:
> > > > On Tue, Nov 21, 2023 at 10:42=E2=80=AFAM Alviro Iskandar Setiawan w=
rote:
> > > > > On Tue, Nov 21, 2023 at 10:23=E2=80=AFAM Alviro Iskandar Setiawan=
 wrote:
> > > > > > On Tue, Nov 21, 2023 at 6:46=E2=80=AFAM Louvian Lyndal wrote:
> > > > > > > On Tue, Nov 21, 2023 at 6:37=E2=80=AFAM Louvian Lyndal wrote:
> > > > > > > > On Tue, Nov 21, 2023 at 5:08=E2=80=AFAM Alviro Iskandar Set=
iawan wrote:
> > > > > > > > > There's a rumor that the current CF ticketing system is v=
ulnerable (
> > > > > > > > > https://ticket2u.id ). Will the GNU/Weeb security team as=
sess it?
> > > > > > > >
> > > > > > > > I'll give you some samples so you can be sure it's real.
> > > > > > >
> > > > > > > Here you go:
> > > > > > > http://mbol2yli7np6mzfgwimfnhajat6sdnq5frs2w7w3b7ldppdawexaxy=
id.onion/comifuro2023/
> > > > > > >
> > > > > > > It contains many events, not only CF. Your job is to create a=
n OCR
> > > > > > > program to classify those tickets (group by event). And extra=
ct user
> > > > > > > identities.
> > > > > >
> > > > > > Ack, that's real.
> > > > >
> > > > > BTW, it's tiring to filter those out as I have not been able to
> > > > > identify them programmatically. So far I couldn't find any CF tic=
kets,
> > > >
> > > > Neither have I.
> > > >
> > > > > could you please send a valid CF sample? Not expired tickets.
> > > >
> > > > I found one:
> > > > https://mbol2yli7np6mzfgwimfnhajat6sdnq5frs2w7w3b7ldppdawexaxyid.on=
ion/comifuro2023/85b4bcb4-5455-4c91-9d55-76bcd648d165.pdf
> > >
> > > your claim is real
> > >
> > > tq tq, will give more effort on creating a program that helps this re=
search
> >
> > Note that you cannot report this to Comifuro admins until you manage
> > to create a filter to collect only CF tickets. After that, you must be
> > able to extract user private information from the ticket to make the
> > severity higher. Once everything is settled up, I will give you all of
> > the dumps I collected (I'm still collecting newly generated tickets
> > now).
>
> gud deal, oracle hacker

We're late, the vulnerable endpoint has officially retired, closing
its doors to negotiations. We're at a standstill unless a new
vulnerability decides to grace us with its presence.