Website Information
https://*****.cybersecurity.my
As mentioned above, the site is a mail server for Cyber Security Malaysia, and I was able to access the web interface (public), which leads to injection vulnerabilities. The process is as follows:
Bypass
I have posted an article on how to bypass the admin password (CWE-1392-1393) by using the default credentials (user and password), and here I will use it for the bypass. No need to use a brute-force attack for this bypass. lol.
Access Web Mail
Access: https://*****.cybersecurity.my
Login Default Credentials Administrator CWE-1392-1393
Login Default Credentials Administrator
Success Login
Success Login....
CWE-1392-1393
I was able to use the email and send them a report of the bug I've found
Bug Reported
P0C
I used the SUPERUSER@cybersecurity.my email to send the bug report. lol xD
The bug has already been fixed after my report. CWE-1392, CWE-1393
Sorry about my English, it is so bad 😅
If you have any questions or suggestions, make sure to hit me up on any of these mediums or in the comments.
Thanks for reading.