Hi!!!, In this Article I would like to tell you a little about how I accidentally discovered the “Pre-Auth Remote Code Execution (CVE-2021–42237)” Attack on one of the Vendors affected by this attack. Note : I will Censor any Vendor affected by this attack. Description Sitecore XP 7.5 Initial Release to…

Hello, In this article i want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay), I found this vulnerability in 2019 when I was still a Vocational High School and this machine was very popular in my school, and that’s when I tried do Pentest on…

Hello, In this article I want to tell you a little about how I accidentally discovered the Unrestricted File Upload attack leads to Remote Code Execution on one of the vendors affected by this attack… Little Story Previously, I really didn’t know that those affected by the vulnerability that I found were…

Hello, here I just want to tell about my experience finding a real IP using CloudFlare through “SSRF External Interaction” and getting a form login for Admin and there is a SQL Injection bug. Little Story Previously I had also found SQLi vulnerabilities on this website but this time it felt a…

Hello, here I just want to share my experience regarding finding the XSS (Cross site scripting) bug at one of the banks in Indonesia, namely BCA (Bank Central Asia). Little Story I previously got this URL from 17 May 2019 and it comes from an email from Bank BCA, namely “Developer BCA”

Hello, here I just want to give a little story about the finding of the bug “Price Parameter Tampering” on one of the IT Bootcamp websites in Indonesia. Summary The Parameter tampering attack relies on the manipulation of parameters changed by the user so as to change application information like user…

Bismillah. Assalamualaikum wr wb, teman teman ^-^)/ Disini saya hanya ingin membagikan pengalaman Berburu Bug saya pada salah satu website Pembayaran Digital Indonesia, Sebelumnya terima kasih banyak kepada pak Zul Amri yang sudah memforward Laporan saya ke Team dari website tersebut. Tentang Full Path Disclosure : Kerentanan Full Path Disclosure (FPD)…

(PenTesting From Termux) — Hallo teman teman… Perkenalkan saya adalah Caesar dan disini saya hanya ingin membagikan pengalaman saya saja melakukan PenTesting pada salah satu website pembelajaran Cyber Security, dengan menggunakan Aplikasi Termux dan beberapa Tools yang biasa digunakan untuk melakukan PenTesting… Note :*untuk nama website disini saya akan sensor dan beberapa hal yang…

Hellow — Hi