2021-05-08 20:17
Up!
Any update, guys?
Is anybody looking for alternative attack vectors?
(2021-05-09 1:09)aryo.gustave Wrote: I didn't try but looks like one way file upload arbitrary vulnerability.
(2021-07-22 14:45)Flamingi Wrote: I'd like to help. Is there a private group or something? Please pm me
(2021-07-22 17:59)sdc Wrote:(2021-07-22 14:45)Flamingi Wrote: I'd like to help. Is there a private group or something? Please pm me
The only way to crack this is to brute-force MD5, so unless anyone has a powerful GPU and is willing to run this for a week there is no point in bumping the thread.
You could also try your luck in other parts of the app
(2021-07-23 6:49)Flamingi Wrote:(2021-07-22 17:59)sdc Wrote:(2021-07-22 14:45)Flamingi Wrote: I'd like to help. Is there a private group or something? Please pm me
The only way to crack this is to brute-force MD5, so unless anyone has a powerful GPU and is willing to run this for a week there is no point in bumping the thread.
You could also try your luck in other parts of the app
I actually found another possible exploit (kt_member cookie), but need more info how this string is calculated.
(2021-07-23 9:57)eymbuhwvkkduckhlxm@ttirv.com Wrote:(2021-07-23 6:49)Flamingi Wrote:(2021-07-22 17:59)sdc Wrote: The only way to crack this is to brute-force MD5, so unless anyone has a powerful GPU and is willing to run this for a week there is no point in bumping the thread.
You could also try your luck in other parts of the app
I actually found another possible exploit (kt_member cookie), but need more info how this string is calculated.
Have you got code about the cookie? Or is this off the back of looking at your own cookie? I've not seen it referenced anywhere but it sounds promising.
(2021-07-23 11:15)Flamingi Wrote:(2021-07-23 9:57)eymbuhwvkkduckhlxm@ttirv.com Wrote:(2021-07-23 6:49)Flamingi Wrote: I actually found another possible exploit (kt_member cookie), but need more info how this string is calculated.
Have you got code about the cookie? Or is this off the back of looking at your own cookie? I've not seen it referenced anywhere but it sounds promising.
If I get a private video with Postman it will return the page with the video blocked. If I set the kt_member cookie (just paste the value from my browser) it will return the page incl. the source link, so that is an alternative attack vector. Alternatively the PHPSession cookie can be used, but that one is just valid for a short amount of time. Just not sure how this value is calculated. It's 32 hex characters, but hashing my user ID with the usual algorithms doesn't match. Maybe a salt is used? Or there is more hashed than just the ID, that's why I'm asking if anyone has more info on that.