From: Ammar Faizi <[email protected]>
To: Alviro Iskandar Setiawan <[email protected]>
Cc: Michael William Jonathan <[email protected]>,
GNU/Weeb Mailing List <[email protected]>
Subject: Re: CF ticketing system is still vulnerable
Date: Sun, 23 Apr 2023 06:06:17 +0700 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAOG64qMi=1oM+iEKZmoQQWonDzE1ZBkfA5pCNmF2LQYQcK8KRw@mail.gmail.com>
On Sun, Apr 23, 2023 at 05:58:09AM +0700, Alviro Iskandar Setiawan wrote:
> Back to this again, I am not sure if the fix is proper. I get HTTP 500
> when accessing it from libcurl in my C program:
>
[...]
> > {"success":false}
>
> But if I access it from curl cmd:
[...]
> > {"success":true,"etickets":[<snip>]}
>
> That means it's not fixed. Also, HTTP 500 indicates internal server
> error. It seems something goes very wrong with their fix attempt. So
> yes, it's still vulnerable when I write this email.
In other words, they only block your POC, but the endpoint is still
accessible if you use another program?
--
Ammar Faizi
next prev parent reply other threads:[~2023-04-22 23:06 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAOG64qN7ZPE+twkvxWM8uq4NDsWzbUsXGYvrPxhf55YWG2G3Ww@mail.gmail.com>
2023-04-21 0:45 ` CF ticketing system is still vulnerable Ammar Faizi
2023-04-21 23:21 ` Ammar Faizi
2023-04-21 23:41 ` Alviro Iskandar Setiawan
2023-04-21 23:50 ` Ammar Faizi
2023-04-22 0:09 ` Alviro Iskandar Setiawan
2023-04-22 0:18 ` Ammar Faizi
2023-04-22 0:29 ` Alviro Iskandar Setiawan
2023-04-22 0:41 ` Ammar Faizi
2023-04-22 0:54 ` Alviro Iskandar Setiawan
2023-04-22 1:01 ` Ammar Faizi
2023-04-22 2:35 ` Ammar Faizi
2023-04-22 6:02 ` Alviro Iskandar Setiawan
2023-04-22 6:38 ` Ammar Faizi
2023-04-22 6:53 ` Alviro Iskandar Setiawan
2023-04-22 7:49 ` Telegram bot? (was: Re: CF ticketing system is still vulnerable) Ammar Faizi
2023-04-22 7:52 ` Alviro Iskandar Setiawan
2023-04-22 7:59 ` Ammar Faizi
2023-04-22 8:00 ` Alviro Iskandar Setiawan
2023-04-22 22:58 ` CF ticketing system is still vulnerable Alviro Iskandar Setiawan
2023-04-22 23:06 ` Ammar Faizi [this message]
2023-04-22 23:11 ` Alviro Iskandar Setiawan
2023-04-22 23:23 ` Alviro Iskandar Setiawan
2023-04-22 23:36 ` Ammar Faizi
2023-04-23 1:28 ` Alviro Iskandar Setiawan
2023-04-23 1:31 ` Alviro Iskandar Setiawan
2023-04-23 1:38 ` Ammar Faizi
2023-04-23 1:47 ` Alviro Iskandar Setiawan
2023-04-23 1:53 ` Ammar Faizi
2023-04-23 3:33 ` Alviro Iskandar Setiawan
2023-04-23 3:36 ` Ammar Faizi
2023-04-23 3:48 ` Moe
2023-04-23 3:56 ` Ammar Faizi
2023-04-23 5:23 ` Alviro Iskandar Setiawan
2023-04-23 5:28 ` Ammar Faizi
2023-04-23 5:43 ` Alviro Iskandar Setiawan
2023-04-23 5:35 ` Ammar Faizi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox