Hii Now i want to share about “How i got easy Clickjacking and escalated to Idor at Mola TV”
Before i start…
First I want to explain what is “Mola TV”
Mola TV is a channel as well as a multiplatform cable television , IPTV , and video on-demand — over-the-top channel in Indonesia and Timor Leste owned and operated by Polytron .
Okay back to topic…
Explanation
At endpoint of user profile : https://mola.tv/accounts/_/v2/profile
was not set X-Frame-Options on the response. and it containt sensitive information such : email,phone number,uid etc..
Halo,
Kali ini saya akan membuat write up tentang “Bagaimana saya mendapatkan Time Based SQL Injection di jamtangan.com”
Dan pada kali ini saya ingin membuat write-up menggunakan Bahasa Indoesia karena memang lagi ingin *lol
Oke sebelumnya saya ingin menjelaskan terlebih dahulu bahwasannya jamtangan.com mempunyai Program Bugbounty detail lengkapnya bisa diakses disini : https://bantuan.jamtangan.com/hc/id/articles/360026084611-Pelaporan-Bug
Penjelasan
Apa itu Time Based SQL Injection ?
Teknik in merupakan teknik inferensia yang bergantung pada pengiriman query SQL ke database yang memaksa database untuk menunggu dalam rentang waktu tertentu (dalam detik) sebelum melakukan response.
sc : https://bssn.go.id/wp-content/uploads/2019/09/Proteksi-terhadap-Kerentanan-SQL-Injection-2019-v.1.3.1_sign.pdf
Step to Reproduce
- Kunjungi : https://www.jamtangan.com/myaccount/
- Klik ada bagian…
Hello guys,
This is my first Write Up and i want to share about “How i got easy $$$ for SQL Injection Bug”
Note : call the target as Redacted.com
Tools : Burpsuite
Proof of Concept :
1. Sign up for a new account
2. Follow the instruction, and then i got this page :
Rafi Andhika Galuh
Cyber Security Enthusiast
