GNU/Weeb Mailing List <[email protected]>
 help / color / mirror / Atom feed
From: Ammar Faizi <[email protected]>
To: Alviro Iskandar Setiawan <[email protected]>
Cc: Michael William Jonathan <[email protected]>,
	GNU/Weeb Mailing List <[email protected]>
Subject: Re: CF ticketing system is still vulnerable
Date: Sat, 22 Apr 2023 07:18:53 +0700	[thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAOG64qPq3whtOxA24LmmVRvzQEK4OEXRzMQAJpqO-e=xM8w4zQ@mail.gmail.com>

On Sat, Apr 22, 2023 at 07:09:51AM +0700, Alviro Iskandar Setiawan wrote:
> On Sat, Apr 22, 2023 at 6:51 AM Ammar Faizi wrote:
> > On Sat, Apr 22, 2023 at 6:42 AM Alviro Iskandar Setiawan wrote:
> > > On Sat, Apr 22, 2023 at 6:21 AM Ammar Faizi wrote:
> > > > On Fri, Apr 21, 2023 at 7:45 AM Ammar Faizi wrote:
> > > > > On Fri, Apr 21, 2023 at 7:42 AM Alviro Iskandar Setiawan wrote:
> > > > > > POC and sample attached.
> > > > > >
> > > > > > gcc -Wall -Wextra -O2 -ggdb3 gwcfd2.c -o gwcfd2 -lcurl -ljson-c -lpthread;
> > > > > > ./gwcfd2;
> > > > >
> > > > > I'll address this ASAP.
> > > >
> > > > I sent your POC and sample to the KiosTix people yesterday. At first,
> > > > they didn't acknowledge the leak because they thought you leaked the
> > > > old tickets.
> > >
> > > Didn't they read the dump.txt file I sent? It looks new to me... Or
> > > maybe I am the one who ate their sweet honeypot this time?
> >
> > No, I don't think that's a honeypot. I just confirmed that my new
> > tickets that already use UUIDv4 are in your dump too. So it's legit;
> > they just didn't understand what you're trying to inform.
> 
> Doubt, did you talk to a dev or a manager? I guess you were talking to
> a manager who doesn't understand the technical stuff behind this.

To both of them, actually. Initially, I was talking to the "head of
sales & partnetship" person. Then she created a WA group where I
directly talk to the dev.

[12:50 PM, 4/21/2023] Priska Narinda: Halo mas amar @Ammar Faizi , ini ada perwakilan dari IT kiostix ada mas ali @Ali Reza Y ya
[12:50 PM, 4/21/2023] Priska Narinda: Boleh kita komunikasi disini yaa
[12:50 PM, 4/21/2023] Priska Narinda: Biar gak berenti dan lama di saya nih
...
[12:52 PM, 4/21/2023] Priska Narinda: Mas @Ali Reza Y ini penemuan dari tim mas amar ya.. terkait bug kiostix… mungkin bisa di tanggapi prosesnya ya
[12:52 PM, 4/21/2023] Ammar Faizi: Salam kenal mas @Ali Reza Y. Saya Ammar Faizi dari GNU/Weeb. Ada tanggapan terkait pesan di atas?
[12:53 PM, 4/21/2023] Priska Narinda: Yes tunggu jawaban dr ali ya
[1:00 PM, 4/21/2023] Ali Reza Y: Halo mas..boleh saya bawa diskusi dulu ke tim kita ya mas
[1:02 PM, 4/21/2023] Ammar Faizi: Oke.
[1:06 PM, 4/21/2023] Ali Reza Y: mungkin ada hal lainnya lagi mas biar kita juga bisa bahas internal sekalian
[1:07 PM, 4/21/2023] Ammar Faizi: Belum ada. Nanti akan terus saya update ke sini kalau ada penemuan lain.

-- 
Ammar Faizi


  reply	other threads:[~2023-04-22  0:18 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAOG64qN7ZPE+twkvxWM8uq4NDsWzbUsXGYvrPxhf55YWG2G3Ww@mail.gmail.com>
2023-04-21  0:45 ` CF ticketing system is still vulnerable Ammar Faizi
2023-04-21 23:21   ` Ammar Faizi
2023-04-21 23:41     ` Alviro Iskandar Setiawan
2023-04-21 23:50       ` Ammar Faizi
2023-04-22  0:09         ` Alviro Iskandar Setiawan
2023-04-22  0:18           ` Ammar Faizi [this message]
2023-04-22  0:29             ` Alviro Iskandar Setiawan
2023-04-22  0:41               ` Ammar Faizi
2023-04-22  0:54                 ` Alviro Iskandar Setiawan
2023-04-22  1:01                   ` Ammar Faizi
2023-04-22  2:35                     ` Ammar Faizi
2023-04-22  6:02                       ` Alviro Iskandar Setiawan
2023-04-22  6:38                         ` Ammar Faizi
2023-04-22  6:53                           ` Alviro Iskandar Setiawan
2023-04-22  7:49                             ` Telegram bot? (was: Re: CF ticketing system is still vulnerable) Ammar Faizi
2023-04-22  7:52                               ` Alviro Iskandar Setiawan
2023-04-22  7:59                                 ` Ammar Faizi
2023-04-22  8:00                                   ` Alviro Iskandar Setiawan
2023-04-22 22:58                         ` CF ticketing system is still vulnerable Alviro Iskandar Setiawan
2023-04-22 23:06                           ` Ammar Faizi
2023-04-22 23:11                             ` Alviro Iskandar Setiawan
2023-04-22 23:23                               ` Alviro Iskandar Setiawan
2023-04-22 23:36                                 ` Ammar Faizi
2023-04-23  1:28                                   ` Alviro Iskandar Setiawan
2023-04-23  1:31                                     ` Alviro Iskandar Setiawan
2023-04-23  1:38                                       ` Ammar Faizi
2023-04-23  1:47                                         ` Alviro Iskandar Setiawan
2023-04-23  1:53                                           ` Ammar Faizi
2023-04-23  3:33                                             ` Alviro Iskandar Setiawan
2023-04-23  3:36                                               ` Ammar Faizi
2023-04-23  3:48                                                 ` Moe
2023-04-23  3:56                                                   ` Ammar Faizi
2023-04-23  5:23                                                     ` Alviro Iskandar Setiawan
2023-04-23  5:28                                                       ` Ammar Faizi
2023-04-23  5:43                                                         ` Alviro Iskandar Setiawan
2023-04-23  5:35                                                   ` Ammar Faizi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox