From: Ammar Faizi <[email protected]>
To: Alviro Iskandar Setiawan <[email protected]>
Cc: Michael William Jonathan <[email protected]>,
GNU/Weeb Mailing List <[email protected]>
Subject: Re: CF ticketing system is still vulnerable
Date: Sat, 22 Apr 2023 07:18:53 +0700
Message-ID: <[email protected]>
In-Reply-To: <CAOG64qPq3whtOxA24LmmVRvzQEK4OEXRzMQAJpqO-e=xM8w4zQ@mail.gmail.com>

On Sat, Apr 22, 2023 at 07:09:51AM +0700, Alviro Iskandar Setiawan wrote:
> On Sat, Apr 22, 2023 at 6:51 AM Ammar Faizi wrote:
> > On Sat, Apr 22, 2023 at 6:42 AM Alviro Iskandar Setiawan wrote:
> > > On Sat, Apr 22, 2023 at 6:21 AM Ammar Faizi wrote:
> > > > On Fri, Apr 21, 2023 at 7:45 AM Ammar Faizi wrote:
> > > > > On Fri, Apr 21, 2023 at 7:42 AM Alviro Iskandar Setiawan wrote:
> > > > > > POC and sample attached.
> > > > > >
> > > > > > gcc -Wall -Wextra -O2 -ggdb3 gwcfd2.c -o gwcfd2 -lcurl -ljson-c -lpthread;
> > > > > > ./gwcfd2;
> > > > >
> > > > > I'll address this ASAP.
> > > >
> > > > I sent your POC and sample to the KiosTix people yesterday. At first,
> > > > they didn't acknowledge the leak because they thought you leaked the
> > > > old tickets.
> > >
> > > Didn't they read the dump.txt file I sent? It looks new to me... Or
> > > maybe I am the one who ate their sweet honeypot this time?
> >
> > No, I don't think that's a honeypot. I just confirmed that my new
> > tickets that already use UUIDv4 are in your dump too. So it's legit;
> > they just didn't understand what you're trying to inform.
>
> Doubt, did you talk to a dev or a manager? I guess you were talking to
> a manager who doesn't understand the technical stuff behind this.

To both of them, actually. Initially, I was talking to the "head of
sales & partnership" person. Then she created a WA group where I
directly talk to the dev.

[12:50 PM, 4/21/2023] Priska Narinda: Hello Mas Amar @Ammar Faizi, here is a representative from KiosTix IT, Mas Ali @Ali Reza Y.
[12:50 PM, 4/21/2023] Priska Narinda: Let's communicate here, okay?
[12:50 PM, 4/21/2023] Priska Narinda: So it doesn't stall and sit with me for long.
...
[12:52 PM, 4/21/2023] Priska Narinda: Mas @Ali Reza Y, this is a finding from Mas Amar's team.. regarding the kiostix bug… maybe you could respond on the process.
[12:52 PM, 4/21/2023] Ammar Faizi: Nice to meet you, Mas @Ali Reza Y. I am Ammar Faizi from GNU/Weeb. Is there any response to the message above?
[12:53 PM, 4/21/2023] Priska Narinda: Yes, please wait for Ali's answer.
[1:00 PM, 4/21/2023] Ali Reza Y: Hello Mas.. may I take this to our team for discussion first?
[1:02 PM, 4/21/2023] Ammar Faizi: Okay.
[1:06 PM, 4/21/2023] Ali Reza Y: Perhaps there is anything else, Mas, so that we can also discuss it internally at the same time.
[1:07 PM, 4/21/2023] Ammar Faizi: Not yet. I will keep updating here if there are other findings.

--
Ammar Faizi