Date: Sun, 23 Apr 2023 06:06:17 +0700
From: Ammar Faizi
To: Alviro Iskandar Setiawan
Cc: Michael William Jonathan, GNU/Weeb Mailing List
Subject: Re: CF ticketing system is still vulnerable

On Sun, Apr 23, 2023 at 05:58:09AM +0700, Alviro Iskandar Setiawan wrote:
> Back to this again, I am not sure if the fix is proper. I get HTTP 500
> when accessing it from libcurl in my C program:
> [...]
>
> {"success":false}
>
> But if I access it from curl cmd: [...]
>
> {"success":true,"etickets":[]}
>
> That means it's not fixed. Also, HTTP 500 indicates internal server
> error. It seems something goes very wrong with their fix attempt. So
> yes, it's still vulnerable when I write this email.

In other words, they only block your POC, but the endpoint is still
accessible if you use another program?

-- 
Ammar Faizi