BigTree CMS – Multiple CSRF Issues in Several Parameters (CVE-2017-6914 … 6918)

Categories: Bug Report, Web Apps, Write-Up
I. ABSTRACT
As quoted from the official site of BigTree CMS, BigTree CMS is an open source content management system built on PHP and MySQL. It was created by – and for – user experience and content strategy experts. BigTree’s user system is designed for a single webmaster or

Tokopedia – Unrestricted Deletion of Other People’s Bank Accounts

Categories: Bug Report, Web Apps, Write-Up
I. ABSTRACT
Receiving payment from online sales without friction is certainly every seller’s dream. To deliver this simplicity, Tokopedia launched a feature called “Tambah Rekening Bank” (Add Bank Account) that can be used to receive the sales payment after every transaction processes to

Tokopedia – Content Injection that could Result in Reflected Cross-Site Scripting

Categories: Bug Report, Web Apps, Write-Up
I. ABSTRACT
Providing information for activating a newly registered account is one of the features a user (as a buyer) sees after finishing a short sign-up process. However, the problem occurs when the page that provides this information doesn’t do any filtering on the

Bypassing the Brute-Force Limitation (“Smart Password Lockout”) on Microsoft Service Accounts

Categories: Bug Report, Web Apps, Write-Up
Illustration from Microsoft (edited by us)
Note: readers may find many grammar mistakes in this article. However, we hope we can deliver the main point of this article.
I. ABSTRACT
Being active on mobile devices is almost inevitable for most users in the world, especially in

LINE Chat – Unencrypted Chat Messages and Unauthorized Access to Message Attachments

Categories: Bug Report, Mobile Apps, Write-Up
Illustration from Line.me
I. ABSTRACT
Sending short messages is a daily activity that is hard to separate from most societies in this era. Technological development, followed by the availability of internet data packages that are easy for most people to obtain, is the forerunner

[Late Post] Passcode Vulnerability on Pocket Expense <= 4.5.1

Categories: Bug Report, Mobile Apps, Write-Up
I. ABSTRACT
In daily life, many people often find it difficult to manage their financial records. These records are generally data on income and expense activities, whether in the past or even in the future. In an era that is all about digital like now,

Simple Paper

Categories: Simple Paper
List of simple papers on this site (English):
Dec 27th, 2017 – Asus [EN Only] Lack of Binary Protection at Asus “Vivo Baby” and “HiVivo” for Android that could Result in Several Security Issues
Dec 26th, 2017 – PayPal [EN Only] PayPal – Bypassing the Current Password Protection at

About Me

Categories: About Me
InfoSec Professional | Top 150 Bugcrowd (Sept 2019) & 2018 Bugcrowd MVP | OSCP, SISE, LPT (Master), C|EHv8, ECSAv9, C|NDv1, CEIv2.
Mail: yk[at]firstsight.me
[Bahasa] FREE ebook: Bug Hunting 101 – Web Application Security. Together with Faisal Yudo, Tomi, and Azhar, we