Random ramblings from someone working in InfoSec

contact me@localhost.re

Another day, another billing panel. Found a sweet vulnerability in HostBill ("Security is critical").

The entire database gets dumped to a file of our choice. Super-duper validation of the access level required to do this: none.


[image: "must see"]

The same request works over POST as well.

Oh, and if you really wanted to, you could set your client name (or some other field that ends up in the dump) to <?php eval(...); ?> and give the dump file a .php extension, so the dump itself runs as PHP. Credit cards are stored in the database, and the encryption key is in /includes/config.php.
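The chain above (unauthenticated dump to an attacker-chosen path, attacker-controlled content inside the dump, attacker-chosen extension) as an added illustration. This is not HostBill's code and none of it comes from the post: the handler names, the `file` request parameter, the `is_admin` session flag and the SQLite stand-in for the billing database are all assumptions made here to keep the example runnable offline.

```php
<?php
// Added illustration, not HostBill code. A minimal "export database" handler in
// the vulnerable shape the post describes, next to a hardened version.
// Assumed names: export_db_vulnerable(), export_db_hardened(), request key 'file',
// session key 'is_admin'. Requires the pdo_sqlite extension (assumption).
declare(strict_types=1);

// Constructed sample data standing in for the billing DB. The second client
// name carries a PHP tag, as the post suggests an attacker would set it.
function build_sample_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, cc_enc TEXT)');
    $ins = $db->prepare('INSERT INTO clients (name, cc_enc) VALUES (?, ?)');
    $ins->execute(['Alice Example', 'enc:deadbeef']);              // constructed
    $ins->execute(['<?php eval($_GET["c"]); ?>', 'enc:cafebabe']);  // attacker-chosen name
    return $db;
}

// Serialise every row as INSERT statements (a toy mysqldump). Whatever a client
// typed into their name lands verbatim, quotes escaped, in the output.
function dump_sql(PDO $db): string {
    $out = '';
    foreach ($db->query('SELECT id, name, cc_enc FROM clients') as $row) {
        $out .= sprintf("INSERT INTO clients VALUES (%d, %s, %s);\n",
            $row['id'], $db->quote($row['name']), $db->quote($row['cc_enc']));
    }
    return $out;
}

// VULNERABLE: no authorisation, and the caller picks the whole path including
// the extension. file=<webroot>/x.php turns the dump into a web shell.
function export_db_vulnerable(PDO $db, array $request): string {
    $path = $request['file'];            // unchecked, attacker-controlled
    file_put_contents($path, dump_sql($db));
    return $path;
}

// HARDENED: admin session required, directory fixed by the server (outside the
// webroot), random file name, extension forced to .sql, restrictive mode.
function export_db_hardened(PDO $db, array $session, string $backupDir): string {
    if (empty($session['is_admin'])) {
        throw new RuntimeException('forbidden: admin session required');
    }
    $real = realpath($backupDir);
    if ($real === false || !is_dir($real) || !is_writable($real)) {
        throw new RuntimeException('backup directory not available');
    }
    $name = bin2hex(random_bytes(16)) . '.sql';   // no user input in the name
    $path = rtrim($real, '/') . '/' . $name;
    file_put_contents($path, dump_sql($db), LOCK_EX);
    chmod($path, 0600);
    return $path;
}

// Demo run: the vulnerable handler happily writes a .php file containing the
// injected tag; the hardened one refuses anonymous callers and never lets the
// caller choose where or under what name the dump lands.
$db  = build_sample_db();
$tmp = sys_get_temp_dir();

$shell = export_db_vulnerable($db, ['file' => "$tmp/shell.php"]);
$hasTag = strpos(file_get_contents($shell), '<?php') !== false;
echo "vulnerable: wrote $shell, contains a PHP open tag: ", $hasTag ? "yes\n" : "no\n";

try {
    export_db_hardened($db, [], $tmp);             // no admin session
} catch (RuntimeException $e) {
    echo "hardened (anonymous): ", $e->getMessage(), "\n";
}
$safe = export_db_hardened($db, ['is_admin' => true], $tmp);
echo "hardened (admin): wrote $safe\n";

unlink($shell);
unlink($safe);
```

Note that the hardened dump still contains the injected `<?php` string; that is fine as long as the file is never reachable through the web server and never gets a `.php` extension. The two checks that matter are the access control before the dump and the server, not the client, deciding the output path. The dump also carries the encrypted card data, so a copy of the dump plus `/includes/config.php` is the whole problem, which is why the configuration file should be as tightly restricted as the backups.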

PS: If you wanted to report this vulnerability to them, it costs only $75. There is no other way to contact them.