Simple Paper

Author: YoKo Kho

List of simple papers on this site (English):

  1. Dec 27th, 2017 – Asus [EN Only] Lack of Binary Protection at Asus “Vivo Baby” and “HiVivo” for Android that could Result of Several Security Issues
  2. Dec 26th, 2017 – PayPal [EN Only] PayPal – Bypassing the Current Password Protection at PayPal Tech-Support
  3. Dec 26th, 2017 – PayPal [EN Only] Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Search Engine
  4. Nov 13th, 2017 – PayPal [EN Only] Turning Self-XSS into non-Self Stored-XSS via Authorization Issue at “PayPal Tech-Support and Brand Central Portal”
  5. May 01st, 2017 – FortiNet [EN Only] Unrestricted Deletion to All Other Sub Account via IDOR at Support Portal
  6. Mar 14th, 2017 – BigTree CMS [EN Only] Multiple Issue of CSRF that could Illegally Few Data Changes v03
  7. Aug 18th, 2016 – Tokopedia [EN] #3 – Unrestricted Deletion to All of People’s Bank Account (translated by Vky W. with edited)
  8. Aug 10th, 2016 – Tokopedia [EN] #1 – Content Injection that could Result Reflected Cross Site Scripting (translated by Vky W. with edited)
  9. May 24th, 2016 – Microsoft [EN] Bypassing the Limitation of Brute Force Attack on Microsoft Service Account (translated by Bagus Her. with edited)
  10. July 30th, 2014 – LINE [EN] Unencrypted Chat Messages and Unauthorized Access to Message Attachments (translated by vky[at]firstsight.me)
  11. July 24th, 2014 – [EN] Unencrypted iTunes Store Password on iOS 7.1.x at KeyChain (translated by vky[at]firstsight.me)
  12. July 22nd, 2014 – Pocket Expense [EN] Insecure Passcode Storage Vulnerability at Pocket Expense <= 4.5.1 (translated by vky[at]firstsight.me)

List of simple papers on this site (Indonesian):

  1. Aug 29th, 2016 – Tokopedia [ID Only] #5 – CSRF Issue that could Result Illegally Send a Message
  2. Aug 29th, 2016 – Tokopedia [ID Only] #4 – CSRF Issue that could Result Illegally Delete the Message
  3. Aug 18th, 2016 – Tokopedia [ID] #3 – Unrestricted Deletion to All of People’s Bank Account
  4. Aug 17th, 2016 – Tokopedia [ID Only] #2 – Open URL Redirection via Base64 that could Result of Fraud Issue
  5. Aug 10th, 2016 – Tokopedia [ID] #1 – Content Injection that could Result Reflected XSS
  6. May 24th, 2016 – Microsoft [ID] Bypassing the Limitation of Brute Force Attack on Microsoft Service Account
  7. July 30th, 2014 – LINE [ID] Unencrypted Chat Messages and Unauthorized Access to Message Attachments
  8. July 24th, 2014 – [ID] Unencrypted iTunes Store Password on iOS 7.1.x in KeyChain
  9. July 22nd, 2014 – Pocket Expense [ID] Insecure Passcode Storage Vulnerability at Pocket Expense <= 4.5.1
