Month: October 2022

  • Active Directory services account with plaintext password

    CVE-2022-XXXX Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users […]

  • Blind Insecure Direct Object Reference (IDOR) Leads To Export Other User’s Data

    Summary: The following write-up explains a vulnerability I found on Instagram. Due to an Instagram “Leads Submissions” flaw, I was able to export users’ data into a CSV file sent to my email. If you run a business Instagram account, you can collect information about your followers with a form/lead. For example, a store may […]

  • Creating a new user with admin Privilege

    CVE-2023-31923 Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users […]