  • Privilege Escalation in BioStar 2 Exploitable through Batch Edit Option

    CVE-2023-XXXX Vulnerability Description: The BioStar 2 web application contains multiple operator levels, each with different privileges. The “Administrator” level has full permissions, while the “User Operator” level does not have all privileges. However, I have discovered a vulnerability that allows an attacker to escalate their privilege from “User Operator” to “System Administrator.” Exploiting this […]

  • Active Directory services account with plaintext password

    X Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users […]

  • Blind Insecure Direct Object Reference (IDOR) Leads To Export Other User’s Data

    Summary: The following write-up explains a vulnerability I found on Instagram. Due to an Instagram “Leads Submissions” flaw, I was able to export users’ data into a CSV file sent to my email. If you run a business Instagram account, you can collect information about your followers with a form/lead. For example, a store may […]

  • Creating a New User with Admin Privilege

    CVE-2023-31923 Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users […]

  • Privilege Escalation from User Operator to System Administrator

    CVE-2022-38351 Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, […]

  • PII Exposure On Oracle E-Business Suite

    Summary: CVE-2022-21567. On 23 May 2022 I discovered and reported a security issue in one of Oracle's products, “Oracle E-Business Suite”. The vulnerability has been patched in the latest version, and the Oracle security team recommends using the latest version. Technical Description: PII exposure was found in “Oracle E-Business Suite”. The issue allows an authenticated attacker to […]