dbbak.sql
1813 lines (1564 loc) · 271 KB
--
-- PostgreSQL database dump
--
-- Dumped from database version 16.2 (Debian 16.2-1)
-- Dumped by pg_dump version 16.2 (Debian 16.2-1)
-- Session setup emitted by pg_dump. These settings affect only the session
-- that replays this file, not the server configuration.
-- A value of 0 disables each timeout, so a long restore is not cancelled.
SET statement_timeout = 0;
SET lock_timeout = 0;
SET idle_in_transaction_session_timeout = 0;
SET client_encoding = 'UTF8';
-- Backslashes in ordinary string literals are taken literally (standard SQL).
SET standard_conforming_strings = on;
-- Empty search_path for the whole session (third argument false = not
-- transaction-local). Every object below is written schema-qualified
-- (public.*), so no name can resolve to a same-named object in another schema
-- while the dump is restored.
SELECT pg_catalog.set_config('search_path', '', false);
SET check_function_bodies = false;
SET xmloption = content;
SET client_min_messages = warning;
-- With row_security off, a statement that a row-level security policy would
-- filter raises an error instead of silently operating on a subset of rows.
SET row_security = off;
SET default_tablespace = '';
SET default_table_access_method = heap;
--
-- Name: chats; Type: TABLE; Schema: public; Owner: postgres
--
-- chats: one row per chat. Only id is NOT NULL.
-- project_id and user_id are plain nullable text; this statement declares no
-- key or foreign-key constraint (any such constraints would be separate
-- ALTER TABLE statements elsewhere in the dump, outside this excerpt).
CREATE TABLE public.chats (
    id         text NOT NULL,
    project_id text,
    name       text DEFAULT ''::text,
    user_id    text
);
-- Ownership is restored to the postgres role.
ALTER TABLE public.chats OWNER TO postgres;
--
-- Name: configs; Type: TABLE; Schema: public; Owner: postgres
--
-- configs: named configuration entries scoped by team_id / user_id, both of
-- which default to the string '0'.
-- NOTE(review): data is free-form text and the table has no rows in this dump,
-- so its contents cannot be judged here. If it ever holds API keys or other
-- integration secrets they would be stored unencrypted — confirm.
CREATE TABLE public.configs (
    id           text NOT NULL,
    team_id      text DEFAULT '0'::text,
    user_id      text DEFAULT '0'::text,
    name         text DEFAULT ''::text,
    display_name text DEFAULT ''::text,
    data         text DEFAULT ''::text,
    visible      bigint DEFAULT 0  -- integer column, not boolean; meaning of 0 not shown here
);
ALTER TABLE public.configs OWNER TO postgres;
--
-- Name: credentials; Type: TABLE; Schema: public; Owner: postgres
--
-- credentials: credential records (login, hash, hash_type, cleartext, plus
-- description/source/services) tagged with a user_id and project_id.
-- NOTE(review): hash and cleartext are ordinary text columns, so whatever the
-- application writes there is stored unencrypted at rest and is copied
-- verbatim into every pg_dump of this database. Handle backups of this table
-- as secrets: encrypt them, restrict read access, and keep them out of
-- version control.
CREATE TABLE public.credentials (
    id          text NOT NULL,
    login       text DEFAULT ''::text,
    hash        text DEFAULT ''::text,
    hash_type   text DEFAULT ''::text,
    cleartext   text DEFAULT ''::text,   -- plain-text secret; no column-level protection
    description text DEFAULT ''::text,
    source      text DEFAULT ''::text,
    services    text DEFAULT '{}'::text, -- the data rows in this dump hold a JSON object here
    user_id     text,
    project_id  text
);
-- NOTE(review): postgres is normally the cluster superuser. If the application
-- also connects as this role it has far more privilege than these tables need;
-- confirm a dedicated non-superuser role is used at runtime.
ALTER TABLE public.credentials OWNER TO postgres;
--
-- Name: files; Type: TABLE; Schema: public; Owner: postgres
--
-- files: file records attached to a project.
-- storage defaults to 'filesystem' and base64 to ''. In the rows visible in
-- this dump storage is 'filesystem' and base64 is empty; presumably base64
-- carries the content for other storage modes — confirm against the application.
-- NOTE(review): nothing in the schema restricts filename. If it can come from
-- an upload and is used to build a path on disk, the application must
-- normalise it and keep it inside the storage directory.
CREATE TABLE public.files (
    id          text NOT NULL,
    project_id  text,
    filename    text DEFAULT ''::text,
    description text DEFAULT ''::text,
    services    text DEFAULT '{}'::text,
    type        text DEFAULT 'binary'::text,
    user_id     text,
    storage     text DEFAULT 'filesystem'::text,
    base64      text DEFAULT ''::text
);
ALTER TABLE public.files OWNER TO postgres;
--
-- Name: hostnames; Type: TABLE; Schema: public; Owner: postgres
--
-- hostnames: hostname entries; host_id presumably points at hosts.id, but no
-- foreign key is declared in this statement — verify elsewhere in the dump.
CREATE TABLE public.hostnames (
    id          text NOT NULL,
    host_id     text,
    hostname    text,                 -- nullable, no default
    description text DEFAULT ''::text,
    user_id     text
);
ALTER TABLE public.hostnames OWNER TO postgres;
--
-- Name: hosts; Type: TABLE; Schema: public; Owner: postgres
--
-- hosts: host records within a project.
-- ip is stored as text rather than inet, so the database does not validate
-- address syntax; validation, if any, is left to the application.
CREATE TABLE public.hosts (
    id         text NOT NULL,
    project_id text,
    ip         text,
    comment    text DEFAULT ''::text,
    user_id    text,
    threats    text DEFAULT ''::text,
    os         text DEFAULT ''::text
);
ALTER TABLE public.hosts OWNER TO postgres;
--
-- Name: issuerules; Type: TABLE; Schema: public; Owner: postgres
--
-- issuerules: named rule sets scoped by team_id / user_id.
-- search_rules, extract_vars and replace_rules default to '[]'; presumably
-- JSON arrays serialized as text — confirm. Because the columns are text, not
-- json/jsonb, the database does not check that the value parses.
CREATE TABLE public.issuerules (
    id            text NOT NULL,
    name          text DEFAULT ''::text,
    team_id       text DEFAULT ''::text,
    user_id       text DEFAULT ''::text,
    search_rules  text DEFAULT '[]'::text,
    extract_vars  text DEFAULT '[]'::text,
    replace_rules text DEFAULT '[]'::text
);
ALTER TABLE public.issuerules OWNER TO postgres;
--
-- Name: issues; Type: TABLE; Schema: public; Owner: postgres
--
-- issues: findings recorded against a project. user_id and project_id are the
-- only columns besides id that are NOT NULL.
-- NOTE(review): description, technical, risks, fix and "references" are
-- free-form text. If any of them is rendered into HTML or a report template,
-- output encoding has to happen in the application; the schema cannot enforce it.
CREATE TABLE public.issues (
    id           text NOT NULL,
    name         text DEFAULT ''::text,
    description  text DEFAULT ''::text,
    url_path     text DEFAULT ''::text,
    cvss         double precision DEFAULT 0,  -- no CHECK bounds the score in this statement
    cwe          bigint DEFAULT 0,
    cve          text DEFAULT ''::text,
    user_id      text NOT NULL,
    services     text DEFAULT '{}'::text,
    status       text DEFAULT ''::text,
    project_id   text NOT NULL,
    type         text DEFAULT 'custom'::text,
    fix          text DEFAULT ''::text,
    param        text DEFAULT ''::text,
    fields       text DEFAULT '{}'::text,
    technical    text DEFAULT ''::text,
    risks        text DEFAULT ''::text,
    "references" text DEFAULT ''::text,       -- quoted: REFERENCES is a reserved word
    intruder     text DEFAULT ''::text
);
ALTER TABLE public.issues OWNER TO postgres;
--
-- Name: issuetemplates; Type: TABLE; Schema: public; Owner: postgres
--
-- issuetemplates: reusable issue definitions. The columns mirror
-- public.issues, plus tpl_name, variables and team_id; there is no
-- project_id or services column, and user_id is nullable with a '' default.
-- variables defaults to '{}'; presumably a serialized map of placeholders —
-- confirm how the application substitutes them.
CREATE TABLE public.issuetemplates (
    id           text NOT NULL,
    tpl_name     text DEFAULT ''::text,
    name         text DEFAULT ''::text,
    description  text DEFAULT ''::text,
    url_path     text DEFAULT ''::text,
    cvss         double precision DEFAULT 0,
    cwe          bigint DEFAULT 0,
    cve          text DEFAULT ''::text,
    status       text DEFAULT ''::text,
    type         text DEFAULT 'custom'::text,
    fix          text DEFAULT ''::text,
    param        text DEFAULT ''::text,
    fields       text DEFAULT '{}'::text,
    variables    text DEFAULT '{}'::text,
    user_id      text DEFAULT ''::text,
    team_id      text DEFAULT ''::text,
    technical    text DEFAULT ''::text,
    risks        text DEFAULT ''::text,
    "references" text DEFAULT ''::text,  -- quoted: REFERENCES is a reserved word
    intruder     text DEFAULT ''::text
);
ALTER TABLE public.issuetemplates OWNER TO postgres;
--
-- Name: logs; Type: TABLE; Schema: public; Owner: postgres
--
-- logs: activity log entries (description, date, user_id, project, teams).
-- date is a bigint; presumably a Unix timestamp — confirm the unit.
-- NOTE(review): nothing in this statement makes the table append-only. If it
-- is relied on as an audit trail, confirm the application role cannot UPDATE
-- or DELETE its rows.
CREATE TABLE public.logs (
    id          text NOT NULL,
    teams       text DEFAULT ''::text,
    description text DEFAULT ''::text,
    date        bigint,
    user_id     text,
    project     text DEFAULT ''::text
);
ALTER TABLE public.logs OWNER TO postgres;
--
-- Name: messages; Type: TABLE; Schema: public; Owner: postgres
--
-- messages: chat messages; chat_id presumably points at chats.id (no foreign
-- key is declared in this statement).
-- NOTE(review): message is free-form text; if the UI renders it as markup it
-- needs output encoding in the application.
CREATE TABLE public.messages (
    id      text NOT NULL,
    chat_id text,
    message text DEFAULT ''::text,
    user_id text,
    "time"  bigint  -- quoted because time is also a type name; unit not shown here
);
ALTER TABLE public.messages OWNER TO postgres;
--
-- Name: networkpaths; Type: TABLE; Schema: public; Owner: postgres
--
-- networkpaths: links between a source (host_out / network_out) and a
-- destination (host_in / network_in) inside a project.
-- type defaults to 'connection' and direction to 'forward'; the set of other
-- accepted values is not constrained by this statement.
CREATE TABLE public.networkpaths (
    id          text NOT NULL,
    host_out    text DEFAULT ''::text,
    network_out text DEFAULT ''::text,
    host_in     text DEFAULT ''::text,
    network_in  text DEFAULT ''::text,
    description text DEFAULT ''::text,
    project_id  text DEFAULT ''::text,
    type        text DEFAULT 'connection'::text,
    direction   text DEFAULT 'forward'::text
);
ALTER TABLE public.networkpaths OWNER TO postgres;
--
-- Name: networks; Type: TABLE; Schema: public; Owner: postgres
--
-- networks: network ranges recorded for a project (ip + mask, optional ASN).
-- ip and internal_ip are text, mask is a bigint, and is_ipv6 is an integer
-- flag; none of them is range- or syntax-checked by this statement.
-- NOTE(review): cmd is free-form text. If the application ever executes or
-- templates this value rather than only displaying it, it must be treated as
-- untrusted input — confirm how it is used.
CREATE TABLE public.networks (
    id          text NOT NULL,
    ip          text,
    name        text DEFAULT ''::text,
    mask        bigint,
    comment     text DEFAULT ''::text,
    project_id  text,
    user_id     text,
    is_ipv6     bigint DEFAULT 0,
    asn         bigint DEFAULT 0,
    access_from text DEFAULT '{}'::text,
    internal_ip text DEFAULT ''::text,
    cmd         text DEFAULT ''::text
);
ALTER TABLE public.networks OWNER TO postgres;
--
-- Name: notes; Type: TABLE; Schema: public; Owner: postgres
--
-- notes: notes attached to a project and, optionally, a host (host_id
-- defaults to '').
-- NOTE(review): type defaults to 'html'. If the text column is rendered as
-- HTML for other users of the project, it has to be sanitised before display;
-- the database stores it verbatim.
CREATE TABLE public.notes (
    id         text NOT NULL,
    project_id text,
    name       text DEFAULT ''::text,
    text       text DEFAULT ''::text,
    host_id    text DEFAULT ''::text,
    user_id    text,
    type       text DEFAULT 'html'::text
);
ALTER TABLE public.notes OWNER TO postgres;
--
-- Name: poc; Type: TABLE; Schema: public; Owner: postgres
--
-- poc: attachments linked to an issue (issue_id) and optionally to a port and
-- a hostname (port_id defaults to '', hostname_id to '0').
-- storage defaults to 'filesystem' and base64 to ''; presumably base64 holds
-- the file content for other storage modes — confirm. Content stored inline
-- travels with every dump of the database.
CREATE TABLE public.poc (
    id          text NOT NULL,
    port_id     text DEFAULT ''::text,
    description text DEFAULT ''::text,
    type        text DEFAULT ''::text,
    filename    text DEFAULT ''::text,
    issue_id    text,
    user_id     text,
    hostname_id text DEFAULT '0'::text,
    priority    bigint DEFAULT 0,
    storage     text DEFAULT 'filesystem'::text,
    base64      text DEFAULT ''::text
);
ALTER TABLE public.poc OWNER TO postgres;
--
-- Name: ports; Type: TABLE; Schema: public; Owner: postgres
--
-- ports: ports recorded for a host.
-- port is a bigint with no CHECK limiting it to a valid port range in this
-- statement; is_tcp is an integer flag defaulting to 1 (presumably 1 = TCP —
-- confirm); service defaults to 'other'.
CREATE TABLE public.ports (
    id          text NOT NULL,
    host_id     text,
    port        bigint,
    is_tcp      bigint DEFAULT 1,
    service     text DEFAULT 'other'::text,
    description text DEFAULT ''::text,
    user_id     text,
    project_id  text
);
ALTER TABLE public.ports OWNER TO postgres;
--
-- Name: projects; Type: TABLE; Schema: public; Owner: postgres
--
-- projects: engagement records; type defaults to 'pentest' and status to 1.
-- start_date / end_date are bigints (unit not shown here).
-- NOTE(review): testers and teams are text columns defaulting to ''.
-- Membership appears to be serialized into these columns rather than held in
-- a join table, so access checks depend on how the application parses them —
-- confirm that parsing is strict.
CREATE TABLE public.projects (
    id           text NOT NULL,
    name         text DEFAULT ''::text,
    description  text DEFAULT ''::text,
    type         text DEFAULT 'pentest'::text,
    scope        text DEFAULT ''::text,
    start_date   bigint,
    folder       text DEFAULT ''::text,
    end_date     bigint,
    report_title text DEFAULT ''::text,
    auto_archive bigint DEFAULT 0,
    status       bigint DEFAULT 1,
    testers      text DEFAULT ''::text,
    teams        text DEFAULT ''::text,
    admin_id     text
);
ALTER TABLE public.projects OWNER TO postgres;
--
-- Name: reporttemplates; Type: TABLE; Schema: public; Owner: postgres
--
-- reporttemplates: report template files scoped by team_id / user_id (both
-- default to the string '0').
-- storage defaults to 'filesystem' and base64 to '', the same pair of columns
-- used by public.files and public.poc.
-- NOTE(review): templates are user-supplied documents; if the report engine
-- evaluates expressions inside them, who may upload a template is a
-- privilege decision — confirm.
CREATE TABLE public.reporttemplates (
    id       text NOT NULL,
    team_id  text DEFAULT '0'::text,
    user_id  text DEFAULT '0'::text,
    name     text DEFAULT ''::text,
    filename text DEFAULT ''::text,
    storage  text DEFAULT 'filesystem'::text,
    base64   text DEFAULT ''::text
);
ALTER TABLE public.reporttemplates OWNER TO postgres;
--
-- Name: tasks; Type: TABLE; Schema: public; Owner: postgres
--
-- tasks: project tasks; criticality defaults to 'info' and status to 'todo'.
-- users and teams default to '[]' and services to '{}'; presumably serialized
-- JSON kept in text columns — the database does not validate them.
CREATE TABLE public.tasks (
    id          text NOT NULL,
    name        text DEFAULT ''::text,
    project_id  text DEFAULT ''::text,
    description text DEFAULT ''::text,
    start_date  bigint DEFAULT 0,
    finish_date bigint DEFAULT 0,
    criticality text DEFAULT 'info'::text,
    status      text DEFAULT 'todo'::text,
    users       text DEFAULT '[]'::text,
    teams       text DEFAULT '[]'::text,
    services    text DEFAULT '{}'::text
);
ALTER TABLE public.tasks OWNER TO postgres;
--
-- Name: teams; Type: TABLE; Schema: public; Owner: postgres
--
-- teams: team records with an admin (admin_id, admin_email).
-- NOTE(review): users defaults to '{}' and projects to ''. Team membership and
-- project assignment appear to be serialized into text columns, so the
-- database cannot enforce that the referenced users or projects exist;
-- authorization depends on the application reading these values correctly.
CREATE TABLE public.teams (
    id          text NOT NULL,
    admin_id    text,
    name        text DEFAULT ''::text,
    description text DEFAULT ''::text,
    users       text DEFAULT '{}'::text,
    projects    text DEFAULT ''::text,
    admin_email text DEFAULT ''::text
);
ALTER TABLE public.teams OWNER TO postgres;
--
-- Name: tokens; Type: TABLE; Schema: public; Owner: postgres
--
-- tokens: per-user tokens with a creation date and a duration.
-- NOTE(review): there is no separate secret or hash column, so id is
-- presumably the token value itself, stored as-is — confirm. If so, anyone
-- who can read this table or a dump of it holds usable tokens; storing only a
-- hash of the token would remove that exposure.
-- duration defaults to 0; whether 0 means "no expiry" or "already expired" is
-- not visible here — confirm.
CREATE TABLE public.tokens (
    id          text NOT NULL,
    user_id     text DEFAULT '0'::text,
    name        text DEFAULT ''::text,
    create_date bigint DEFAULT 0,
    duration    bigint DEFAULT 0
);
ALTER TABLE public.tokens OWNER TO postgres;
--
-- Name: tool_sniffer_http_data; Type: TABLE; Schema: public; Owner: postgres
--
-- tool_sniffer_http_data: entries recorded for a sniffer (sniffer_id), each
-- with a date, a source ip and a request.
-- NOTE(review): request presumably stores the captured HTTP request as text.
-- Such data commonly contains cookies, Authorization headers and form fields,
-- so this table should get the same retention and backup protection as
-- public.credentials — confirm what is captured.
CREATE TABLE public.tool_sniffer_http_data (
    id         text NOT NULL,
    sniffer_id text,
    date       bigint,
    ip         text DEFAULT ''::text,
    request    text DEFAULT ''::text
);
ALTER TABLE public.tool_sniffer_http_data OWNER TO postgres;
--
-- Name: tool_sniffer_http_info; Type: TABLE; Schema: public; Owner: postgres
--
-- tool_sniffer_http_info: per-project sniffer definitions.
-- status defaults to 200; with location and body these presumably describe
-- the HTTP response the sniffer returns — confirm.
-- save_credentials is an integer flag defaulting to 0; presumably it controls
-- whether captured values are copied into public.credentials — confirm, since
-- that would place them in a plain-text column.
CREATE TABLE public.tool_sniffer_http_info (
    id               text NOT NULL,
    project_id       text,
    name             text DEFAULT ''::text,
    status           bigint DEFAULT 200,
    location         text DEFAULT ''::text,
    body             text DEFAULT ''::text,
    save_credentials bigint DEFAULT 0
);
ALTER TABLE public.tool_sniffer_http_info OWNER TO postgres;
--
-- Name: users; Type: TABLE; Schema: public; Owner: postgres
--
-- users: application accounts.
-- NOTE(review): password is a plain text column and the schema cannot show
-- whether the stored value is a hash. Confirm the application writes a salted,
-- deliberately slow password hash here and never the password itself.
-- email and password are nullable and this statement declares no uniqueness
-- on email; any such constraint would be elsewhere in the dump.
CREATE TABLE public.users (
    id       text NOT NULL,
    fname    text DEFAULT ''::text,
    lname    text DEFAULT ''::text,
    email    text,
    company  text DEFAULT ''::text,
    password text,
    favorite text DEFAULT ''::text
);
-- NOTE(review): postgres is normally the cluster superuser. If the application
-- also connects as this role it has far more privilege than these tables need;
-- confirm a dedicated non-superuser role is used at runtime.
ALTER TABLE public.users OWNER TO postgres;
--
-- Data for Name: chats; Type: TABLE DATA; Schema: public; Owner: postgres
--
-- No rows follow: the end-of-data marker comes directly after the COPY line,
-- so public.chats is empty in this dump.
COPY public.chats (id, project_id, name, user_id) FROM stdin;
\.
--
-- Data for Name: configs; Type: TABLE DATA; Schema: public; Owner: postgres
--
-- No rows follow: the end-of-data marker comes directly after the COPY line,
-- so public.configs is empty in this dump.
COPY public.configs (id, team_id, user_id, name, display_name, data, visible) FROM stdin;
\.
--
-- Data for Name: credentials; Type: TABLE DATA; Schema: public; Owner: postgres
--
-- NOTE(review): the rows loaded by this COPY appear to contain login names and
-- password-like values in plain text. A backup that carries them should not
-- live in a source repository: treat the listed accounts as exposed, rotate
-- them, remove the file from the repository history, and publish only
-- schema-only or redacted dumps.
COPY public.credentials (id, login, hash, hash_type, cleartext, description, source, services, user_id, project_id) FROM stdin;
45e928a3-2f9c-4c8c-baa5-53d95bb53ed2 [email protected] P3mbetu1an {"dc763393-5092-4999-83aa-c54f094529cd": ["0"]} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
1f6e1e44-212a-4b13-ab5e-f45ab6bdf546 pentest_user pentest@mardi user biasa {"9414cb6c-70b2-407f-bb8c-8d53095a04f3": ["0"]} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99
bc2ee5af-cd58-49e9-a1ae-f4bea51dd3a3 pentest_su pentest@mardi user admin {"9414cb6c-70b2-407f-bb8c-8d53095a04f3": ["0"]} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99
\.
--
-- Data for Name: files; Type: TABLE DATA; Schema: public; Owner: postgres
--
COPY public.files (id, project_id, filename, description, services, type, user_id, storage, base64) FROM stdin;
5a8b01e2-0522-460d-becd-aa71354aa1c6 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:43:37.zip 1715643817 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
4b4e1612-d855-43a4-8efd-2a3622e2152a 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:43:38.zip 1715643818 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
14b12697-468c-4f47-b196-44962d5acc73 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:47:06.zip 1715644026 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
255aa675-04a9-4af4-b77e-1dd59028250e 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:47:06.zip 1715644027 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
f136b1f9-d769-4938-b5e8-357078107100 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:47:23.zip 1715644043 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
6b21683f-fab4-4afb-be5e-7ed36ec1ab7f 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:47:24.zip 1715644044 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
97052c86-1853-4677-8674-9e1262a3e4ff 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:47:59.txt 1715644079 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
398f9a34-5ac6-4952-93d4-8024757b4c3b 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:47:59.txt 1715644079 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
86cee306-c9b9-4d3c-8e10-b3c2a158214d 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:48:17.docx 1715644097 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
ccc3f8bc-813d-4078-9442-b7c2cabd86cb 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:48:17.docx 1715644098 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
3dca6e09-3834-41ab-bc12-78e53f9aa025 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:48:59.docx 1715644139 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
49004dc7-e040-48a1-a8e5-c94ff688a0f3 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:48:59.docx 1715644139 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
80d2eeb8-0c2a-4690-88af-4b6210fa7af0 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:49:14.docx 1715644155 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
64586117-e425-4051-93fa-68588cf785c8 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:49:17.docx 1715644158 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
9441faca-d681-4714-ad58-a4a3cf5705f3 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:49:50.docx 1715644191 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
917611ef-a2d8-4cb3-ad83-cf72ed48be5a 926ec7f5-5674-45dc-ae0d-bd996488cb2e report_2024-05-14T07:50:13.docx 1715644214 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
dbefb962-15c0-4443-881b-867f0f538274 42a774cc-6853-410f-8071-0801b67a9ded report_2024-05-15T03:52:07.docx 1715716328 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
c3a820eb-938c-4fdd-b657-01898652bcf9 42a774cc-6853-410f-8071-0801b67a9ded report_2024-05-15T03:52:34.docx 1715716355 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
d9d39b67-05c0-48ad-84b8-6a7338547dec 42a774cc-6853-410f-8071-0801b67a9ded report_2024-05-15T14:37:30.docx 1715755051 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
6b51c90c-790e-476e-be59-4fc2e95b68d9 42a774cc-6853-410f-8071-0801b67a9ded report_2024-05-15T14:37:44.docx 1715755065 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
e9bc297f-bda2-4a5d-a26a-57e6f9cf4b8e 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T01:43:55.docx 1715795035 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
3652614a-f38f-47b2-ae69-6c03e2f731c7 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T01:49:58.txt 1715795398 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
496ec879-2294-44ff-91c2-97fdb4c2973a 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T01:52:35.txt 1715795555 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
f05711f3-4065-4b24-accd-92bd406b6a61 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T01:52:50.docx 1715795571 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
cf5e9045-7a24-4900-befe-ef67cb17bde0 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T01:56:06.txt 1715795766 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
321d6723-8665-420d-b58d-a175cdebfc2a 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:02:18.txt 1715796138 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
bca865f0-e45b-4e57-8ebf-4ced9c5b5783 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:10:25.txt 1715796625 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
04244303-f268-47c1-a0af-b267ce98b46b 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:12:26.txt 1715796746 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
2bf066d2-c185-4cfc-9a54-404cbf65eda4 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:14:37.txt 1715796877 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
a0bc7332-4994-4d87-87eb-85b43d139bd0 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:15:54.txt 1715796954 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
73c12a18-0cd3-4fc4-863b-93f5aa8d3061 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:16:27.txt 1715796988 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
bf022874-e630-471d-8fe8-2209c6acaa0b 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:17:37.txt 1715797057 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
52d5508e-3d60-4090-8515-5fb81e611f3a 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:18:09.txt 1715797089 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
9384042f-d37d-40a4-9504-e4ef802bdaa2 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:19:57.txt 1715797197 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
0853192c-e7f9-489a-a9b5-9d50eb662b16 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:21:07.txt 1715797267 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
d248d6fe-b3ac-4db1-b9a9-72cf1f253db2 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:44:39.docx 1715798680 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
038584c1-424b-4d64-bb0a-e98f8702dace 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:47:27.docx 1715798848 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
8b0f073d-6448-4ce1-bad2-0f036f9e66c6 5e826717-ce5e-423c-be66-cbca319b2047 report_2024-05-16T02:48:42.docx 1715798922 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
36330092-60a4-4e76-925d-907e1ebfd586 42a774cc-6853-410f-8071-0801b67a9ded report_2024-05-16T05:39:57.docx 1715809197 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
a027df0d-384b-4f63-82ae-1c96a90fa736 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:47:51.txt 1715906871 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
6c3a4e9c-f3c2-4833-b4b8-dd782a167711 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:48:05.txt 1715906885 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
926a3784-6baa-43ee-88ff-d94816bf0603 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:50:36.txt 1715907036 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
e467d002-7993-4f2b-9137-c2e9593b1e41 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:50:42.txt 1715907042 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
ed302074-e7c2-4a55-89a6-cafcc8e75e31 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:54:50.txt 1715907290 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
04459036-bec5-4235-a7a9-dce6c2669eda b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:55:37.txt 1715907337 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
7ca3bf40-d78e-4a7f-a5e6-06f75f516914 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:57:20.txt 1715907440 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
64ec221a-5cec-4dfd-9416-7c1541cbaa95 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T08:59:22.txt 1715907562 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
7e9c42b9-e05e-4b07-b02b-690a7b22f70d b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-17T09:01:56.txt 1715907716 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
cbd78cdd-059f-41e7-baf9-ade7e91fb3d4 42a774cc-6853-410f-8071-0801b67a9ded report_2024-05-19T12:32:00.txt 1716093120 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
14654c83-c9bb-4f53-bab3-96e7fcfd9765 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T12:34:10.txt 1716093250 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
ae127dc9-e059-4031-b6ab-d440ba1c2690 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T12:56:09.txt 1716094569 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
7354f32a-5946-422e-bf11-744bc377e379 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:01:35.txt 1716094895 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
6f72baa2-a5ab-4f2e-b1d0-96aa38a7e28b b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:05:04.docx 1716095105 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
65f60ad1-3e62-4352-9260-0bae8703dee0 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:09:35.txt 1716095375 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
5a1e49d7-a611-4270-800b-903eda4e955d b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:11:50.txt 1716095510 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
f08bd792-2a8c-44eb-8a79-9184ae8720fb b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:13:04.txt 1716095584 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
c58767d0-0cb4-48ef-b8fe-e92e9ea5eb62 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:16:13.txt 1716095773 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
ae34e975-217d-4586-8ff4-382870e8b0f6 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:20:49.docx 1716096049 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
02d4384d-a848-402e-9b71-0d37f0284358 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:21:20.docx 1716096080 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
a6c3fe0e-2ba1-49ca-b57e-2c8f16629a90 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:34:59.docx 1716096900 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
866306d5-3d86-4755-a29e-3330bbeda401 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:35:08.docx 1716096909 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
f3aab7e0-4c0e-4277-8934-0f276732a349 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:37:27.docx 1716097048 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
08e895a9-787a-4153-8aa3-f99d23a16d75 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:37:54.docx 1716097075 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
28c2f235-73fe-4d3a-9556-7eadf9f34161 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:43:37.docx 1716097418 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
64b53317-a287-4e46-8c9f-3a7f7ed1d0ed b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:47:29.docx 1716097650 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
1ad368be-cce3-4c3c-8a3c-e425bce790b0 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:49:17.docx 1716097758 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
0a3ad614-f447-45df-9b37-0736ee2d4bd8 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:49:39.docx 1716097780 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
6739b8bf-de62-4f84-b29d-60bbf7cfe455 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T13:58:05.docx 1716098285 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
1c45df1a-2c32-4b4e-8b3e-91cea0550cca b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T14:07:03.docx 1716098824 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
7a8f04af-088b-4d5b-a0b1-62f9152a19c3 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T14:09:22.docx 1716098963 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
9770d201-f64a-42ef-ac34-65603d43a7ef b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T14:18:10.docx 1716099491 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
e8b24a93-083e-4d4b-a8b0-527616e931c2 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T14:21:55.docx 1716099716 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
c74c5d14-4cc9-4d06-9797-482359ccf756 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T14:24:13.docx 1716099854 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
5a032398-3ce9-4ccb-b13c-7a451c111942 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T15:31:10.docx 1716103871 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
b4850eb5-0738-49e3-a49a-ff7b69c4503b b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:06:42.docx 1716109603 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
c8c9a026-76d3-4adc-8389-3eb8de9d03c2 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:20:49.docx 1716110450 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
d3d2d6aa-2e7d-40bc-a63d-a57dc17cd860 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:27:44.docx 1716110864 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
33f5def8-1279-4100-828d-fb8c05e94dd1 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:34:16.docx 1716111257 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
c160c0db-3be5-48ec-bf84-029b54ca7b0c b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:52:11.docx 1716112331 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
8f06e9eb-4d73-4926-9184-06f0a39febb3 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:52:52.docx 1716112373 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
a3baec90-d0b7-40bb-acb1-cc8f526a397e b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:53:30.docx 1716112411 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
0ef12179-4592-48ac-87ce-01621ad3177e b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:57:03.docx 1716112623 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
70712927-f875-49e5-bd24-ed1a9cdc7263 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T17:59:23.docx 1716112764 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
070060e8-bd58-458a-ac19-0969a305260a b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:11:49.docx 1716113510 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
3e2799d8-8b1d-4c95-8172-7392c55c7ec9 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:21:24.docx 1716114085 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
39f4d7ef-0164-4aa0-ac30-9d67c3d90c7e b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:23:39.docx 1716114220 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
76fe9398-0cb6-4840-9ba1-3d8dc005bdda b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:26:54.docx 1716114414 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
79654dd0-6c43-45ec-abb6-d3f57e70ec7a b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:30:19.docx 1716114620 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
147e61e9-f80b-4395-b746-edff3bc8917a b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:35:02.docx 1716114903 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
64e37842-cf0e-4d27-9ebf-249b8032e7a5 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:35:24.docx 1716114924 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
1dc8f71d-86df-446e-8a0e-f812403e6d69 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:35:58.docx 1716114959 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
a13bc700-411a-4a4b-8779-fc7b71d44b11 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:39:14.docx 1716115155 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
788b1f4b-549f-4a80-a0bb-78032965e257 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:39:59.docx 1716115199 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
baaed9db-ab9d-49ba-8109-1709364b2438 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T18:40:25.docx 1716115226 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
f0f1b2b9-f1dc-4076-956b-bc0d69ddfa1c b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:11:02.docx 1716120663 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
355bd2c1-2aba-40d9-a797-b709daa5e15c b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:12:31.docx 1716120751 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
538d3a28-8705-49f5-bb55-d6b10422164e b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:22:08.docx 1716121329 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
abba934a-06ca-4166-ac91-2f09b7ca70b0 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:23:35.docx 1716121416 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
51b67241-1416-44f5-90e5-b57fbcff03d0 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:26:07.docx 1716121568 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
757e5666-8c30-4e24-86ab-866b94cc4683 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:30:58.docx 1716121859 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
da11e6ed-0320-45af-9d77-2654b844892c b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:33:37.docx 1716122018 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
e5e4d6c6-9cdf-41b8-b6ce-51a77dca97f7 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:35:39.docx 1716122139 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
e70ad13d-b2ed-4e88-afab-907bd729f373 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:36:20.docx 1716122181 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
1e8f54d2-dba9-4290-9344-38d4e8667f5b b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:38:00.docx 1716122280 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
6f2d6948-4575-4e75-951d-a2664b5d616e b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:40:47.docx 1716122448 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
b108c2e1-2207-48ec-9b8e-df202fb96d2a b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:41:19.docx 1716122480 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
7aaf7f8e-de8f-46a4-9713-8c546c32451c b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T20:50:29.docx 1716123030 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
0b0c7dcc-6164-44e9-b8a5-c55c90f179aa b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T21:01:31.docx 1716123691 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
44575a18-2164-4c0a-992b-bab61f953051 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T21:03:57.docx 1716123838 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
8bf2b066-6168-4a17-a4ca-a9a105cc7aa8 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T21:05:40.docx 1716123940 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
263df86c-f37a-4b32-826e-6a0caf9ee956 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T21:06:20.docx 1716123981 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
a680b9c3-e82f-440d-9c17-e9b9e22c1724 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T21:06:45.docx 1716124006 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
d3c40258-e3bd-4bb7-8b83-b18b02d77c42 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T21:12:24.docx 1716124344 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
22fb0ee2-f0df-4945-81a2-bc0b33f65ebc b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-19T21:26:30.docx 1716125191 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
68bec3c0-4318-4a02-a1cf-8ad426b12049 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99 report_2024-05-20T18:35:57.docx 1716201358 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
5bc96468-638d-4b81-bbeb-8267fa95c47e 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99 report_2024-05-20T18:36:56.txt 1716201416 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
fe4fae2f-907c-4b27-a214-eef5fb2259d4 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-21T00:16:29.docx 1716221790 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
d4fcabd4-757b-4f33-87da-d7a11e8971c7 b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-21T00:17:27.docx 1716221848 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
d6bbefff-3885-4135-a099-72a8b8411a8f b25edd49-04c1-4a21-b42b-05557dcf29cd report_2024-05-21T00:19:30.docx 1716221971 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
6884bab2-29e9-46b3-aab0-298059c173f1 9dd7d458-5124-4358-943d-8d3bd8f4abe6 report_2024-05-21T21:42:07.docx 1716298928 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
b2839031-b69e-4252-9637-37f3f6d4322f 9dd7d458-5124-4358-943d-8d3bd8f4abe6 report_2024-05-21T21:43:38.docx 1716299019 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
5c5a4015-ef93-47a3-88a4-ad7b78ea71ac 9dd7d458-5124-4358-943d-8d3bd8f4abe6 report_2024-05-21T21:43:51.txt 1716299031 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
dda25c98-311a-4d8e-ab9a-f5f1407f0edf af66f73f-15ab-4c1e-8537-ef381a0a6025 report_2024-05-23T13:48:16.docx 1716443297 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
4bb7d569-2d45-4543-9aad-b90bae5fc57f 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 report_2024-05-26T22:34:34.docx 1716734075 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
589e58b9-84e4-42da-b94c-d332f465613b 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 report_2024-05-29T14:32:31.docx 1716964352 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
8e5acf5d-cd2a-4b5b-9978-97ca0df3fac1 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 report_2024-05-29T14:41:17.txt 1716964877 "{}" report 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c filesystem
\.
--
-- Data for Name: hostnames; Type: TABLE DATA; Schema: public; Owner: postgres
--
-- hostnames: no rows were exported for this table; the COPY stream below is
-- terminated immediately by the end-of-data marker.
COPY public.hostnames (
    id,
    host_id,
    hostname,
    description,
    user_id
) FROM stdin;
\.
--
-- Data for Name: hosts; Type: TABLE DATA; Schema: public; Owner: postgres
--
-- hosts: one row per recorded host, linked to a project through project_id and
-- to the creating account through user_id.
-- In every row of this dump the `ip` column carries a hostname or a free-text
-- label rather than an IP address.
-- `threats` is stored as a JSON-style array; it is `[]` on all rows except one,
-- which is also the only row with a trailing OS string (presumably the `os`
-- column; column boundaries are not visible in this rendering, so confirm
-- against the table definition).
-- NOTE(review): the rows pair externally resolvable hostnames with project ids.
-- Treat this section as confidential engagement data: replace the hostnames
-- with placeholders before the dump is kept in a shared repository.
COPY public.hosts (id, project_id, ip, comment, user_id, threats, os) FROM stdin;
ac3c0711-cb63-4a31-9175-8e25cf7f0016 926ec7f5-5674-45dc-ae0d-bd996488cb2e mada.gov.my vv 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
6eb8f707-f5e0-42b4-83c1-ff86694fe043 926ec7f5-5674-45dc-ae0d-bd996488cb2e portal.mada.gov.my kjhk 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
e9115140-5869-4a39-8bf9-a92fe2172966 926ec7f5-5674-45dc-ae0d-bd996488cb2e hrms.mada.gov.my hrms.mada.gov.my 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
71716422-0809-462f-94a5-bb2c4f885be0 42a774cc-6853-410f-8071-0801b67a9ded uat-admin.myinvois.hasil.gov.my Admin UAT 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
491d10b7-0f16-40f4-ac41-3e80df418b3b 5e826717-ce5e-423c-be66-cbca319b2047 uat-admin.myinvois.hasil.gov.my Admin UAT 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c ["high", "offline"] Windows Server 2008
1008494e-857f-4a8d-989d-455353f21a62 b25edd49-04c1-4a21-b42b-05557dcf29cd host1.com 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
477e087d-3063-40a2-9c9d-e236e4dec111 b25edd49-04c1-4a21-b42b-05557dcf29cd host2.com 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
3b4c44f1-0d59-4389-bdbf-f61109395bcd b25edd49-04c1-4a21-b42b-05557dcf29cd host3.com 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
23acc9a8-8003-4fc4-b3bf-e5e25b2026d9 b25edd49-04c1-4a21-b42b-05557dcf29cd testurlyangpanjang.lhdn.gov.my testurlyangpanjang.lhdn.gov.my 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
101cbf1a-c9d0-4b2a-aaa3-be59deb3324d 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99 pentest-portal.mardi.gov.my/ 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
4586d29a-df05-4130-b5e6-0ff0d316b700 9dd7d458-5124-4358-943d-8d3bd8f4abe6 livechat.ptptn.gov.my 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
5612a6bd-5242-47d6-ac60-6198bab246b3 9dd7d458-5124-4358-943d-8d3bd8f4abe6 myptptn.ptptn.gov.my Live PTPTN 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
986034dc-d4c9-4a0b-8c7f-b9af2a1945fa 9dd7d458-5124-4358-943d-8d3bd8f4abe6 myptptnstg.ptptn.gov.my Staging 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
67e1544b-761e-4e5a-bd0f-e9c53fa8f8cb af66f73f-15ab-4c1e-8537-ef381a0a6025 gateway.n9pay.ns.gov.my Gateway N9 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
ccd40241-de9e-4c94-aab7-d5c504243e77 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 GPKI Mobile GPKI Mobile 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c []
\.
--
-- Data for Name: issuerules; Type: TABLE DATA; Schema: public; Owner: postgres
--
-- issuerules: no rows were exported for this table; the COPY stream below is
-- terminated immediately by the end-of-data marker.
COPY public.issuerules (
    id,
    name,
    team_id,
    user_id,
    search_rules,
    extract_vars,
    replace_rules
) FROM stdin;
\.
--
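-- Data for Name: issues; Type: TABLE DATA; Schema: public; Owner: postgres
-- NOTE(review): several rows in this section embed captured HTTP requests,
-- including Cookie header values and an Authorization bearer token. Invalidate
-- any session that may still be live and redact those header values before the
-- dump is stored or shared.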
--
COPY public.issues (id, name, description, url_path, cvss, cwe, cve, user_id, services, status, project_id, type, fix, param, fields, technical, risks, "references", intruder) FROM stdin;
d2b40a24-3b6d-427a-b63e-5ebdcf183429 File Information Disclosure An information disclosure vulnerability exists in the remote web server due to the disclosure of the web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive configuration information. https://uat-admin.myinvois.hasil.gov.my/static/js/main.6f9542f1.js.LICENSE.txt 6.5 1230 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"5962e521-e09e-4230-a3ed-c97346a05556": ["0"]} Need to recheck 5e826717-ce5e-423c-be66-cbca319b2047 custom Declare this rule on .htaccess. For Examples:\r\n\r\n<files filename.ext>\r\n order allow,deny\r\n deny from all\r\n</files> - {"origin_cvss_vector": {"val": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "type": "text"}} Access through this URL, https://uat-admin.myinvois.hasil.gov.my/static/js/main.6f9542f1.js.LICENSE.txt\r\nAll generated plugins when building the source code will display here An unauthenticated, remote attacker can exploit this file, via a simple GET request, to disclose potentially sensitive configuration information. https://wordpress.stackexchange.com/questions/5400/prevent-access-or-auto-delete-readme-html-license-txt-wp-config-sample-php\r\nhttps://stackoverflow.com/questions/11728976/how-to-deny-access-to-a-file-in-htaccess GET /static/js/main.6f9542f1.js.LICENSE.txt HTTP/2\r\nHost: uat-admin.myinvois.hasil.gov.my\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nAccept: */*\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nPriority: u=1, i\r\n\r\n
d7ab474e-9e30-4a49-81a5-a6ec1d8d936c Insecure File Upload Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. https://uat-api.myinvois.hasil.gov.my/admin/api/v1.0/taxpayers/IG10653040 5.8 1073 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"dc763393-5092-4999-83aa-c54f094529cd": ["0"]} Need to recheck 42a774cc-6853-410f-8071-0801b67a9ded web Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded. CompanyIcon {"origin_cvss_vector": {"val": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "type": "text"}, "cvss_vector": {"val": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "type": "text"}} 1. First we trying to upgrade normal picture with bigger than 250kb. However we unsuccessfuly upload\r\n2. We upload the allowed picture and intercept the request\r\n3. We found that the picture was encoded in based64\r\n4. Encode payload .html file with based64 using tools.\r\n5. change the value of the base64 to our payload\r\n6. successfully upload the file. 1. Server-side attacks: The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, or exploit the local vulnerabilities, and so forth.\r\n\r\n2. 
Client-side attacks: Uploading malicious files can make the website vulnerable to client-side attacks such as XSS or Cross-site Content Hijacking.\r\n\r\n3. Uploaded files can be abused to exploit other vulnerable sections of an application when a file on the same or a trusted server is needed (can again lead to client-side or server-side attacks)\r\n\r\n4. A malicious file such as a Unix shell script, a windows virus, an Excel file with a dangerous formula, or a reverse shell can be uploaded on the server in order to execute code by an administrator or webmaster later – on the victim’s machine.\r\n\r\n5. An attacker might be able to put a phishing page into the website or deface the website.\r\n https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload PUT /admin/api/v1.0/taxpayers/IG10653040 HTTP/2\r\nHost: uat-api.myinvois.hasil.gov.my\r\nContent-Length: 72014\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nAccept-Language: en\r\nSec-Ch-Ua-Mobile: ?0\r\nAuthorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Ijk2RjNBNjU2OEFEQzY0MzZDNjVBNDg1MUQ5REM0NTlFQTlCM0I1NTRSUzI1NiIsIng1dCI6Imx2T21Wb3JjWkRiR1draFIyZHhGbnFtenRWUSIsInR5cCI6ImF0K2p3dCJ9.eyJpc3MiOiJodHRwczovL3VhdC1pZGVudGl0eS5teWludm9pcy5oYXNpbC5nb3YubXkiLCJuYmYiOjE3MTU3MTQzMzgsImlhdCI6MTcxNTcxNDMzOCwiZXhwIjoxNzE1NzE1MjM4LCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiYWRtaW5wb3J0YWwuYmZmLmFwaSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJleHRlcm5hbCJdLCJjbGllbnRfaWQiOiI1NDI0ODAwMy1EQ-and other encoded bit-"}
595fa6d3-a72b-4262-a83e-3f2581887e62 Cross Site Scripting (XSS) Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data. 8.3 0 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"5f67db4e-d546-4a12-8597-8c9d4f7fdde4": ["0"]} Need to recheck b25edd49-04c1-4a21-b42b-05557dcf29cd custom Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.\r\nIn general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:\r\nFilter input on arrival. At the point where user input is received, filter as strictly as possible based on what is expected or valid input.\r\nEncode data on output. At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.\r\nUse appropriate response headers. To prevent XSS in HTTP responses that are not intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.\r\nContent Security Policy. 
As a last line of defence, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.\r\n {} Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application. https://portswigger.net/web-security/cross-site-scripting
2848237c-f97a-4cdf-9def-93d5d3501c9f Insecure File Upload Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. 1.6 0 CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"0024d2df-ab61-43bd-9cc8-fe805e5617a7": ["0"]} Need to recheck b25edd49-04c1-4a21-b42b-05557dcf29cd custom Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded. {"origin_cvss_vector": {"val": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L", "type": "text"}} 1. Server-side attacks: The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, or exploit the local vulnerabilities, and so forth.\r\n\r\n2. Client-side attacks: Uploading malicious files can make the website vulnerable to client-side attacks such as XSS or Cross-site Content Hijacking.\r\n\r\n3. Uploaded files can be abused to exploit other vulnerable sections of an application when a file on the same or a trusted server is needed (can again lead to client-side or server-side attacks)\r\n\r\n4. A malicious file such as a Unix shell script, a windows virus, an Excel file with a dangerous formula, or a reverse shell can be uploaded on the server in order to execute code by an administrator or webmaster later – on the victim’s machine.\r\n\r\n5. 
An attacker might be able to put a phishing page into the website or deface the website.\r\n https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
2f3c93d8-4b91-413f-b94d-3e2bad2f58a3 File Information Disclosure An information disclosure vulnerability exists in the remote web server due to the disclosure of the web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive configuration information. 7.1 0 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"5f67db4e-d546-4a12-8597-8c9d4f7fdde4": ["0"]} Need to recheck b25edd49-04c1-4a21-b42b-05557dcf29cd custom Declare this rule on .htaccess. For Examples:\r\n\r\n<files filename.ext>\r\n order allow,deny\r\n deny from all\r\n</files> {"origin_cvss_vector": {"val": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "text"}} An unauthenticated, remote attacker can exploit this file, via a simple GET request, to disclose potentially sensitive configuration information. https://wordpress.stackexchange.com/questions/5400/prevent-access-or-auto-delete-readme-html-license-txt-wp-config-sample-php\r\nhttps://stackoverflow.com/questions/11728976/how-to-deny-access-to-a-file-in-htaccess
89a66131-8ace-4c24-b048-cba029e741c0 Unauthenticate SQL injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behaviour. 9.5 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"5f67db4e-d546-4a12-8597-8c9d4f7fdde4": ["0"]} Need to recheck b25edd49-04c1-4a21-b42b-05557dcf29cd web Most instances of SQL injection can be prevented by using parameterized queries (also known as prepared statements) instead of string concatenation within the query.\r\nThe following code is vulnerable to SQL injection because the user input is concatenated directly into the query:\\n\r\n\r\nString query = "SELECT * FROM products WHERE category = '"+ input + "'";\\n\r\nStatement statement = connection.createStatement();\\n\r\nResultSet resultSet = statement.executeQuery(query);\r\nThis code can be easily rewritten in a way that prevents the user input from interfering with the query structure:\r\nPreparedStatement statement = connection.prepareStatement("SELECT * FROM products WHERE category = ?");\r\nstatement.setString(1, input);\r\nResultSet resultSet = statement.executeQuery();\r\n\r\nParameterized queries can be used for any situation where untrusted input appears as data within the query, including the WHERE clause and values in an INSERT or UPDATE statement. They cannot be used to handle untrusted input in other parts of the query, such as table or column names, or the ORDER BY clause. 
Application functionality that places untrusted data into those parts of the query will need to take a different approach, such as white listing permitted input values, or using different logic to deliver the required behaviour.\r\n\r\nFor a parameterized query to be effective in preventing SQL injection, the string that is used in the query must always be a hard-coded constant and must never contain any variable data from any origin. Do not be tempted to decide case-by-case whether an item of data is trusted and continue using string concatenation within the query for cases that are considered safe. It is all too easy to make mistakes about the possible origin of data, or for changes in other code to violate assumptions about what data is tainted.\r\n {} 1. Test\r\n2. TETfdsfsfdsfa\r\n3. TEfdsf dfdslfjd;a A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. https://portswigger.net/web-security/sql-injection\r\nhttps://www.acunetix.com/websitesecurity/sql-injection/
e6a75ac9-33d1-49b5-a105-a652dffed734 Unauthenticate SQL injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behaviour. 9.5 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"5f67db4e-d546-4a12-8597-8c9d4f7fdde4": ["0"]} Need to recheck b25edd49-04c1-4a21-b42b-05557dcf29cd web Most instances of SQL injection can be prevented by using parameterized queries (also known as prepared statements) instead of string concatenation within the query.\r\nThe following code is vulnerable to SQL injection because the user input is concatenated directly into the query:/n\r\nString query = "SELECT * FROM products WHERE category = '"+ input + "'";\\n\r\nStatement statement = connection.createStatement();\\r\\n\r\nResultSet resultSet = statement.executeQuery(query);\r\nThis code can be easily rewritten in a way that prevents the user input from interfering with the query structure:\r\nPreparedStatement statement = connection.prepareStatement("SELECT * FROM products WHERE category = ?");\r\nstatement.setString(1, input);\r\nResultSet resultSet = statement.executeQuery();\r\n\r\nParameterized queries can be used for any situation where untrusted input appears as data within the query, including the WHERE clause and values in an INSERT or UPDATE statement. They cannot be used to handle untrusted input in other parts of the query, such as table or column names, or the ORDER BY clause. 
Application functionality that places untrusted data into those parts of the query will need to take a different approach, such as white listing permitted input values, or using different logic to deliver the required behaviour.\r\n\r\nFor a parameterized query to be effective in preventing SQL injection, the string that is used in the query must always be a hard-coded constant and must never contain any variable data from any origin. Do not be tempted to decide case-by-case whether an item of data is trusted and continue using string concatenation within the query for cases that are considered safe. It is all too easy to make mistakes about the possible origin of data, or for changes in other code to violate assumptions about what data is tainted.\r\n {} A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. https://portswigger.net/web-security/sql-injection\r\nhttps://www.acunetix.com/websitesecurity/sql-injection/
e6fa72dc-40e6-4f6f-b323-2edcaccc0502 .htaccess Disclosure The remote web server discloses information via HTTP request. https://pentest-portal.mardi.gov.my/htaccess.txt 5.1 0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"9414cb6c-70b2-407f-bb8c-8d53095a04f3": ["0"]} Need to recheck 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99 custom Change the configuration to block access to these files by set in .htaccess\r\n<Files ~ "^\\.(htaccess|htpasswd)$">\r\ndeny from all\r\n</Files> {"origin_cvss_vector": {"val": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "type": "text"}} 1. Access the htaccess.txt using browser https://pentest-portal.mardi.gov.my/htaccess.txt or https://pentest-portal.mardi.gov.my/htaccess-ori\r\n2. Observe the findings The server does not properly restrict access to .htaccess and/or .htpasswd files. A remote unauthenticated attacker can download these files and potentially uncover important information.\r\n https://www.tenable.com/plugins/nessus/106231\r\nhttps://stackoverflow.com/questions/11831698/trying-to-hide-htaccess-file GET /htaccess.txt HTTP/1.1\r\nHost: pentest-portal.mardi.gov.my\r\nCookie: 4128f9f5b9e70a4061c506a29054b1a9=hnrn0tjtfu4nt0genvo9oeo388; 9e374ee8243494d64d952785ee18a4f0=6rvdbcdpdpsjmd6gt34lt1vqi3\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nSec-Ch-Ua-Mobile: ?0\r\nSec-Ch-Ua-Platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nPriority: u=0, i\r\nConnection: close\r\n\r\n
2888f910-9591-4c6b-9879-6a6e747cf19b Joomla XML disclose file and version Joomla allow joomla.xml file https://pentest-portal.mardi.gov.my/administrator/manifests/files/joomla.xml 4.3 0 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"9414cb6c-70b2-407f-bb8c-8d53095a04f3": ["0"]} Need to recheck 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99 custom Oftenly, the joomla.xml were not used and able to remove the file from server. Alternatively, deny the file from being access by configure .htaccess.\r\n\r\n<Files ~ "^.*">\r\n Deny from all\r\n</Files> {} 1. Access the pages https://pentest-portal.mardi.gov.my/administrator/manifests/files/joomla.xml\r\n2. Found all the project structure of the system Attacker able to gain the file tree and version of plugins used in Joomla https://forum.joomla.org/viewtopic.php?t=1005483\r\nhttps://forum.joomla.org/viewtopic.php?t=902633 GET /administrator/manifests/files/joomla.xml HTTP/1.1\r\nHost: pentest-portal.mardi.gov.my\r\nCookie: atumSidebarState=open; 4128f9f5b9e70a4061c506a29054b1a9=hnrn0tjtfu4nt0genvo9oeo388; 9e374ee8243494d64d952785ee18a4f0=inrii4ockvao83t6ljm0pt7rbc; _ga=GA1.1.2008948846.1716178257; _ga_W56G32JSEL=GS1.1.1716178256.1.1.1716178455.0.0.0\r\nCache-Control: max-age=0\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nSec-Ch-Ua-Mobile: ?0\r\nSec-Ch-Ua-Platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nPriority: u=0, i\r\nConnection: close\r\n\r\n
641f6dd3-47f1-4ded-8f2c-d46e4efb9a46 Joomla Administrator Folder disclosure Joomla able to access the Administrator folder without any authentication https://pentest-portal.mardi.gov.my/administrator/manifests/files/joomla.xml 3.5 0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"9414cb6c-70b2-407f-bb8c-8d53095a04f3": ["0"]} Need to recheck 0dbc2858-bc39-4c8d-8cb5-b5a43eb38d99 custom Implement zero trust by restricting the access to admin folder and allow only specific ip. This can be done by creating .htaccess on root of Administrator and add the following code:\r\n\r\n<Limit GET POST>\r\n order deny,allow\r\n deny from all\r\n allow from 192.168.x.x\r\n</Limit> {} 1. Access any pages under the /Administrator folder\r\n2. Find any interesting files Attacker might able to gain personal access like plugins version and information of the system https://www.itsupportguides.com/knowledge-base/joomla-tips/joomla-how-to-use-htaccess-to-protect-the-administrator-directory/#:~:text=As%20a%20Joomla%20administrator%20one%20of%20the%20simplest,you.%20This%20can%20be%20done%20quite%20easily%20using.htaccess. 
GET /administrator/manifests/files/joomla.xml HTTP/1.1\r\nHost: pentest-portal.mardi.gov.my\r\nCookie: atumSidebarState=open; 4128f9f5b9e70a4061c506a29054b1a9=hnrn0tjtfu4nt0genvo9oeo388; 9e374ee8243494d64d952785ee18a4f0=inrii4ockvao83t6ljm0pt7rbc; _ga=GA1.1.2008948846.1716178257; _ga_W56G32JSEL=GS1.1.1716178256.1.1.1716178455.0.0.0\r\nCache-Control: max-age=0\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nSec-Ch-Ua-Mobile: ?0\r\nSec-Ch-Ua-Platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nPriority: u=0, i\r\nConnection: close\r\n\r\n
b9819023-7a56-4ab4-b809-896c748f9bfa Directory Listing Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. https://livechat.ptptn.gov.my/assets/ 4.7 0 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"6f31ce9b-be64-4458-b9a9-5c278bf352e8": ["0"]} Need to recheck 9dd7d458-5124-4358-943d-8d3bd8f4abe6 custom There is not usually any good reason to provide directory listings and disabling them may place additional hurdles in the path of an attacker. This can normally be achieved in two ways:\r\n•\tConfigure your web server to prevent directory listings for all paths beneath the web root.\r\n•\tPlace into each directory a default file (such as index.htm) that the web server will display instead of returning a directory listing.\r\n {} 1. Access the URL , https://livechat.ptptn.gov.my/assets/. \r\n2. Found the Directory listing. Directory listings themselves do not necessarily constitute a security vulnerability. Any sensitive resources within the web root should in any case be properly access-controlled and should not be accessible by an unauthorized party who happens to know or guess the URL. 
Even when directory listings are disabled, an attacker may guess the location of sensitive files using automated tools https://portswigger.net/kb/issues/00600100_directory-listing\r\nhttps://www.acunetix.com/vulnerabilities/web/directory-listings/ GET /assets HTTP/1.1\r\nHost: livechat.ptptn.gov.my\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nSec-Ch-Ua-Mobile: ?0\r\nSec-Ch-Ua-Platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nPriority: u=0, i\r\nConnection: close\r\n\r\n
5c2583a9-ecc1-42d3-a644-ac07c5d42ade Error Message Discloses Sensitive Information The application error message discloses sensitive information such as path and line of code. https://myptptnstg.ptptn.gov.my/PtptnDbService/v2/calculator/saving 5.3 1230 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"944889ce-3165-4363-a55a-b768f8979679": ["0"]} Need to recheck 9dd7d458-5124-4358-943d-8d3bd8f4abe6 web Create custom error pages or show a generic message such as "server encountered an error"; record the detailed error (path, line of code) in server-side logs only. {} 1. Access the url\r\n2. Intercept the request and change to any string.\r\n3. Observe the value. An attacker may use this information to craft an exploit to bypass the restriction. https://www.php.net/manual/en/function.oci-error.php POST /PtptnDbService/v2/calculator/saving HTTP/2\r\nHost: myptptnstg.ptptn.gov.my\r\nCookie: _gcl_au=1.1.1941488683.1716282160; _fbp=fb.2.1716282160361.486006788; _tt_enable_cookie=1; _ttp=H9hIZLlEoz_TFhHvl2JwGmsBwVe; _ga=GA1.3.1060422940.1716282159; _gid=GA1.3.242300084.1716282161; _gat_gtag_UA_118586866_3=1; _ga_1HV7RSN8YN=GS1.1.1716282158.1.0.1716282161.57.0.0\r\nContent-Length: 42\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nAccept: application/json, text/plain, */*\r\nContent-Type: application/json\r\nSec-Ch-Ua-Mobile: ?0\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nSec-Ch-Ua-Platform: "Windows"\r\nOrigin: https://myptptnstg.ptptn.gov.my\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nReferer: https://myptptnstg.ptptn.gov.my/ptptn/app/saving_calculator\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nPriority: u=1, i\r\n\r\n{"expectedSaving":"7*7","yearPeriod":"11"}
6e3b5986-3760-4bda-b451-fd4ac41851b8 Broken Access Control able to view other loan details Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested. In the context of web applications, access control is dependent on authentication and session management:\r\n\r\n•\tAuthentication identifies the user and confirms that they are who they say they are.\r\n•\tSession management identifies which subsequent HTTP requests are being made by that same user.\r\n•\tAccess control determines whether the user can carry out the action that they are attempting to perform.\r\n\r\nBroken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation. Access control design decisions have to be made by humans, not technology, and the potential for errors is high.\r\n https://myptptnstg.ptptn.gov.my/ptptn/app_api/statement/get_ujrah_details_statement 8.5 0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"944889ce-3165-4363-a55a-b768f8979679": ["0"]} Need to recheck 9dd7d458-5124-4358-943d-8d3bd8f4abe6 web Access control vulnerabilities can generally be prevented by taking a defense-in-depth approach and applying the following principles:\r\n\r\n•\tNever rely on obfuscation alone for access control.\r\n•\tUnless a resource is intended to be publicly accessible, deny access by default.\r\n•\tWherever possible, use a single application-wide mechanism for enforcing access controls.\r\n•\tAt the code level, make it mandatory for developers to declare the access that is allowed for each resource, and deny access by default.\r\n•\tThoroughly audit and test access controls to ensure they are working as designed.\r\n "no_mykad":"960506065011" {} 1. 
Login using any account.\r\n2. Go to Semakan Penyata\r\n3. View statement\r\n4. Turn on intercept mode and change the year to 2022\r\n5. Change the no_mykad value \r\n6. Able to view the statement of the corresponding mykad An attacker might be able to perform horizontal and vertical privilege escalation by altering the user to one with additional privileges while bypassing access controls. Other possibilities include exploiting password leakage or modifying parameters once the attacker has landed in the user's accounts page, for example. https://portswigger.net/web-security/access-control/idor\r\nhttps://www.kiuwan.com/blog/owasp-top-10-2017-a5-broken-access-control\r\nhttps://portswigger.net/web-security/access-control\r\n POST /ptptn/app_api/statement/get_ujrah_details_statement HTTP/2\r\nHost: myptptnstg.ptptn.gov.my\r\nCookie: JSESSIONID=9FC0EE46E72BAEE61B589150081402BD; _gcl_au=1.1.1941488683.1716282160; _fbp=fb.2.1716282160361.486006788; _tt_enable_cookie=1; _ttp=H9hIZLlEoz_TFhHvl2JwGmsBwVe; _gid=GA1.3.242300084.1716282161; _ga=GA1.3.1060422940.1716282159; _ga_1HV7RSN8YN=GS1.1.1716289473.2.1.1716290171.60.0.0\r\nContent-Length: 64\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nAccept: application/json, text/plain, */*\r\nContent-Type: application/json;charset=UTF-8\r\nAccept-Language: bm\r\nSec-Ch-Ua-Mobile: ?0\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nSec-Ch-Ua-Platform: "Windows"\r\nOrigin: https://myptptnstg.ptptn.gov.my\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nReferer: https://myptptnstg.ptptn.gov.my/ptptn/app/home\r\nAccept-Encoding: gzip, deflate, br\r\nPriority: u=1, i\r\n\r\n{"no_mykad":"960506065011","year":2024,"date_filter":"365 HARI"}
48ea6b42-52bf-4d05-9c07-3a265dfeb0e3 Broken Access Control able to view other loan details Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested. In the context of web applications, access control is dependent on authentication and session management:\r\n\r\n•\tAuthentication identifies the user and confirms that they are who they say they are.\r\n•\tSession management identifies which subsequent HTTP requests are being made by that same user.\r\n•\tAccess control determines whether the user can carry out the action that they are attempting to perform.\r\n\r\nBroken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation. Access control design decisions have to be made by humans, not technology, and the potential for errors is high.\r\n https://myptptn.ptptn.gov.my/ptptn/app_api/statement/get_ujrah_details_statement 8.5 0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"487ba141-6c5e-43c9-b698-987d3d43e776": ["0"]} Need to recheck 9dd7d458-5124-4358-943d-8d3bd8f4abe6 custom Access control vulnerabilities can generally be prevented by taking a defense-in-depth approach and applying the following principles:\r\n\r\n•\tNever rely on obfuscation alone for access control.\r\n•\tUnless a resource is intended to be publicly accessible, deny access by default.\r\n•\tWherever possible, use a single application-wide mechanism for enforcing access controls.\r\n•\tAt the code level, make it mandatory for developers to declare the access that is allowed for each resource, and deny access by default.\r\n•\tThoroughly audit and test access controls to ensure they are working as designed.\r\n "no_mykad":"960506065011" {} 1. 
Login using any account.\r\n2. Go to Semakan Penyata\r\n3. View statement\r\n4. Turn on intercept mode and change the year to 2022\r\n5. Change the no_mykad value \r\n6. Able to view the statement of the corresponding mykad An attacker might be able to perform horizontal and vertical privilege escalation by altering the user to one with additional privileges while bypassing access controls. Other possibilities include exploiting password leakage or modifying parameters once the attacker has landed in the user's accounts page, for example. https://portswigger.net/web-security/access-control/idor\r\nhttps://www.kiuwan.com/blog/owasp-top-10-2017-a5-broken-access-control\r\nhttps://portswigger.net/web-security/access-control\r\n POST /ptptn/app_api/statement/get_ujrah_details_statement HTTP/2\r\nHost: myptptnstg.ptptn.gov.my\r\nCookie: JSESSIONID=9FC0EE46E72BAEE61B589150081402BD; _gcl_au=1.1.1941488683.1716282160; _fbp=fb.2.1716282160361.486006788; _tt_enable_cookie=1; _ttp=H9hIZLlEoz_TFhHvl2JwGmsBwVe; _gid=GA1.3.242300084.1716282161; _ga=GA1.3.1060422940.1716282159; _ga_1HV7RSN8YN=GS1.1.1716289473.2.1.1716290171.60.0.0\r\nContent-Length: 64\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nAccept: application/json, text/plain, */*\r\nContent-Type: application/json;charset=UTF-8\r\nAccept-Language: bm\r\nSec-Ch-Ua-Mobile: ?0\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nSec-Ch-Ua-Platform: "Windows"\r\nOrigin: https://myptptn.ptptn.gov.my\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nReferer: https://myptptnstg.ptptn.gov.my/ptptn/app/home\r\nAccept-Encoding: gzip, deflate, br\r\nPriority: u=1, i\r\n\r\n{"no_mykad":"960506065011","year":2024,"date_filter":"365 HARI"}
db85870a-ce69-409b-8c50-429339ffb8a5 Server Header Disclosure The remote web server discloses information via HTTP headers. https://gateway.n9pay.ns.gov.my/ 4.3 0 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"cc6b635a-0804-4c48-a8fe-cd79e08cd910": ["0"]} Need to recheck af66f73f-15ab-4c1e-8537-ef381a0a6025 custom Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server. {} 1. Access to whatweb with gateway url\r\n2. Observe the result The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages used by the web server. https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710 GET / HTTP/1.1\r\nHost: gateway.n9pay.ns.gov.my\r\nCookie: x-bni-fpc=f429346e06ac6deba76d3ae620a9407c; x-bni-rncf=1716442966749\r\nCache-Control: max-age=0\r\nSec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"\r\nSec-Ch-Ua-Mobile: ?0\r\nSec-Ch-Ua-Platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nIf-None-Match: "664a6983-46c"\r\nIf-Modified-Since: Sun, 19 May 2024 21:05:07 GMT\r\nPriority: u=0, i\r\nConnection: close\r\n\r\n
4b97a2b8-4326-498d-a8fb-f52dc4b74927 Broken Access Control able to View other user Identity Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested. In the context of web applications, access control is dependent on authentication and session management:\r\n\r\n•\tAuthentication identifies the user and confirms that they are who they say they are.\r\n•\tSession management identifies which subsequent HTTP requests are being made by that same user.\r\n•\tAccess control determines whether the user can carry out the action that they are attempting to perform.\r\n\r\nBroken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation. Access control design decisions have to be made by humans, not technology, and the potential for errors is high.\r\n https://e4.mygpki.gov.my/gpki_api/api/user/get_user_identity?data=eyJucmljIjoiODgwMjEwMTQxMjE4IiwidXNlclR5cGUiOiJHcGtpTWFuYWdlclVzZXIiLCJtZWRpdW1UeXBlSWQiOjN9 8.5 0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"66f64b3b-962a-44e2-a1f1-48f630e48040": ["0"]} Need to recheck 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 custom Access control vulnerabilities can generally be prevented by taking a defense-in-depth approach and applying the following principles:\r\n\r\n•\tNever rely on obfuscation alone for access control.\r\n•\tUnless a resource is intended to be publicly accessible, deny access by default.\r\n•\tWherever possible, use a single application-wide mechanism for enforcing access controls.\r\n•\tAt the code level, make it mandatory for developers to declare the access that is allowed for each resource, and deny access by default.\r\n•\tThoroughly audit and test access controls to ensure they are 
working as designed.\r\n data {} 1. Intercept any normal user account. For this testing, normal user is Uatuser7.\r\n2. Change the IC value on data parameter.\r\n3. Observe the result An attacker might be able to perform horizontal and vertical privilege escalation by altering the user to one with additional privileges while bypassing access controls. Other possibilities include exploiting password leakage or modifying parameters once the attacker has landed in the user's accounts page, for example. https://portswigger.net/web-security/access-control/idor\r\nhttps://www.kiuwan.com/blog/owasp-top-10-2017-a5-broken-access-control\r\nhttps://portswigger.net/web-security/access-control\r\n GET /gpki_api/api/user/get_user_identity?data=eyJucmljIjoiODgwMjEwMTQxMjE4IiwidXNlclR5cGUiOiJHcGtpTWFuYWdlclVzZXIiLCJtZWRpdW1UeXBlSWQiOjN9 HTTP/1.1\r\nHost: e4.mygpki.gov.my\r\nSec-Ch-Ua: "Android WebView";v="125", "Chromium";v="125", "Not.A/Brand";v="24"\r\nAccept: application/json, text/plain, */*\r\nSec-Ch-Ua-Mobile: ?1\r\nAuthorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI4ODAyMTAxNDEyMDciLCJhdWRpZW5jZSI6Im1vYmlsZSIsImNyZWF0ZWQiOjE3MTY3MjU3NjcxNDQsImV4cCI6MTcxNjcyNzU2N30.quqbAJm1-J3yE3gFo4GQduNEN5vknlFth5C0H20fK3LBvG35wefNyk2SOgaWfv0k1BQEJ3VO6st8pC9Du3U4zg\r\nUser-Agent: Mozilla/5.0 (Linux; Android 14; Pixel 6a Build/UQ1A.240205.004.B1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/125.0.6422.82 Mobile Safari/537.36\r\nSec-Ch-Ua-Platform: "Android"\r\nOrigin: http://localhost\r\nX-Requested-With: com.my.posdigicert.GPKIMobileClient\r\nSec-Fetch-Site: cross-site\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nReferer: http://localhost/\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-MY,en;q=0.9,ms-MY;q=0.8,ms;q=0.7,en-US;q=0.6\r\nPriority: u=1, i\r\nConnection: keep-alive\r\n\r\n
b79394a3-33f4-4745-b454-d15d41c01e71 Broken Access Control able to view other Profile Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested. In the context of web applications, access control is dependent on authentication and session management:\r\n\r\n•\tAuthentication identifies the user and confirms that they are who they say they are.\r\n•\tSession management identifies which subsequent HTTP requests are being made by that same user.\r\n•\tAccess control determines whether the user can carry out the action that they are attempting to perform.\r\n\r\nBroken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation. Access control design decisions have to be made by humans, not technology, and the potential for errors is high.\r\n https://e4.mygpki.gov.my/gpki_api/api/user/get_contact_info?data=eyJucmljIjoiODgwMjEwMTQxMjA2IiwibnJpYyI6Ijg4MDIxMDE0MTIwNiIsInVzZXJUeXBlIjoid3cifQ%3d%3d 8.5 0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"66f64b3b-962a-44e2-a1f1-48f630e48040": ["0"]} Need to recheck 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 custom Access control vulnerabilities can generally be prevented by taking a defense-in-depth approach and applying the following principles:\r\n\r\n•\tNever rely on obfuscation alone for access control.\r\n•\tUnless a resource is intended to be publicly accessible, deny access by default.\r\n•\tWherever possible, use a single application-wide mechanism for enforcing access controls.\r\n•\tAt the code level, make it mandatory for developers to declare the access that is allowed for each resource, and deny access by default.\r\n•\tThoroughly audit and test access controls to ensure they are working as 
designed.\r\n data {} 1. Access the profile user.\r\n2. Change the IC value. Also add random value on userType var\r\n3. observe the value An attacker might be able to perform horizontal and vertical privilege escalation by altering the user to one with additional privileges while bypassing access controls. Other possibilities include exploiting password leakage or modifying parameters once the attacker has landed in the user's accounts page, for example. https://portswigger.net/web-security/access-control/idor\r\nhttps://www.kiuwan.com/blog/owasp-top-10-2017-a5-broken-access-control\r\nhttps://portswigger.net/web-security/access-control\r\n GET /gpki_api/api/user/get_contact_info?data=eyJucmljIjoiODgwMjEwMTQxMjA2IiwibnJpYyI6Ijg4MDIxMDE0MTIwNiIsInVzZXJUeXBlIjoid3cifQ%3d%3d HTTP/1.1\r\nHost: e4.mygpki.gov.my\r\nSec-Ch-Ua: "Android WebView";v="125", "Chromium";v="125", "Not.A/Brand";v="24"\r\nAccept: application/json, text/plain, */*\r\nSec-Ch-Ua-Mobile: ?1\r\nAuthorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI4ODAyMTAxNDEyMDciLCJhdWRpZW5jZSI6Im1vYmlsZSIsImNyZWF0ZWQiOjE3MTY3MzI2OTYzNjcsImV4cCI6MTcxNjczNDQ5Nn0.hw27AIWu0BgK9Ps6rThpZn5spPnd4j52a-QeoDIBv6d-8UQbq6hrx2RzJBxdZW-MlPtFGlknqn4ctudXFaYF1g\r\nUser-Agent: Mozilla/5.0 (Linux; Android 14; Pixel 6a Build/UQ1A.240205.004.B1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/125.0.6422.82 Mobile Safari/537.36\r\nSec-Ch-Ua-Platform: "Android"\r\nOrigin: http://localhost\r\nX-Requested-With: com.my.posdigicert.GPKIMobileClient\r\nSec-Fetch-Site: cross-site\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nReferer: http://localhost/\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-MY,en;q=0.9,ms-MY;q=0.8,ms;q=0.7,en-US;q=0.6\r\nPriority: u=1, i\r\nConnection: keep-alive\r\n\r\n
36c92989-4290-4186-a6d9-f205eb6fa3b1 Excessive data on Response leads to sensitive data exposure This vulnerability is highlighted by the Open Web Application Security Project (OWASP). The API developer sends more data than required to the client. The client-side has to filter the information to show it to the user, thus leaving a lot of unused data. https://e4.mygpki.gov.my/gpki_api/api/register/retrieve_email?data=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 7.5 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"66f64b3b-962a-44e2-a1f1-48f630e48040": ["0"]} Need to recheck 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 custom 1. Instead of relying on the client-side to filter the data, this operation should be performed on the server before sending the data. The client-side should only take the data and render it on the screen.\r\n\r\n2. Another thing that you can do is to ensure only the data the client has requested is sent to them. You are not sending any unnecessary information.\r\n\r\n3. To ensure that you are not sending sensitive data, you can also categorize your data as admin, personal, or sensitive information. data {} 1. Enter any valid IC.\r\n2. Before process of verifying the user via email, the server already show the user profile details on response\r\n The man-in-the-middle is the most common attack that can exploit this information as the data can be intercepted by the unwanted personnel when it is in transit. The data can later be used to perform different actions on the website. It can be sold to the highest bidder. 
https://rapidapi.com/guides/excessive-data-exposure\r\nhttps://owasp.org/API-Security/editions/2019/en/0xa3-excessive-data-exposure/ GET /gpki_api/api/register/retrieve_email?data=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 HTTP/1.1\r\nHost: e4.mygpki.gov.my\r\nAccept: application/json, text/plain, */*\r\nUser-Agent: Mozilla/5.0 (Linux; Android 14; Pixel 6a Build/UQ1A.240205.004.B1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/116.0.0.0 Mobile Safari/537.36\r\nOrigin: http://localhost\r\nX-Requested-With: com.my.posdigicert.GPKIMobileClient\r\nSec-Fetch-Site: cross-site\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nReferer: http://localhost/\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-MY,en;q=0.9,ms-MY;q=0.8,ms;q=0.7,en-US;q=0.6\r\nConnection: keep-alive\r\n\r\n
24462a62-644a-4daf-bfd1-d4f774e1e5aa Hardcoded Credentials The application stores hardcoded credentials that can be viewed by anyone. File = res/values/strings.xml 4.3 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"66f64b3b-962a-44e2-a1f1-48f630e48040": ["0"]} Need to recheck 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 custom Store the credentials/keys in a safe place. For an Android APK, keep the key in gradle.properties so that it stays out of source control. Because any value compiled into the APK can still be recovered by decoding it, also restrict each key in the provider console (for example by application package name, signing-certificate fingerprint and allowed APIs) and keep secrets that cannot be restricted on the server side. google_api_key, google_crash_reporting_api_key, {} 1. Decode the APK file using apktool (apktool d test.apk)\r\n2. Read res/values/strings.xml\r\n3. The keys are displayed as hardcoded strings. An attacker might be able to use the credentials or keys to access sensitive information or run up charges on the billing account. https://stefma.medium.com/something-about-google-api-keys-how-to-secure-them-and-what-firebase-got-to-do-with-this-e10473637ed3\r\nhttps://medium.com/@dugguRK/secure-android-api-keys-f865b344808c Not Applicable
bb71f411-7493-4275-bbc8-fe98b19deaa6 Android Debug mode enabled The android:debuggable attribute sets whether the application is debuggable. It is set for the application as a whole and cannot be overridden by individual components. The attribute is set to false by default. AndroidManifest.xml File 3.5 0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c {"66f64b3b-962a-44e2-a1f1-48f630e48040": ["0"]} Need to recheck 6e3ed207-03f6-4f7a-bcf1-7acc5a8d4398 custom Always make sure to set the android:debuggable flag to false when shipping your application. Remove any hard-coded android:debuggable="true" from AndroidManifest.xml and let the build type set the value. <uses-permission android:name="com.my.posdigicert.GPKIMobileClient.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION"/> < android:debuggable="true" {} 1. Decode the APK using apktool\r\n2. Read the AndroidManifest.xml\r\n3. Search for "debug" strings. Allowing the application to be debuggable in itself is not a vulnerability, but it does expose the application to greater risk through unintended and unauthorized access to administrative functions. This can allow attackers more access to the application and resources used by the application than intended.\r\n\r\nSetting the android:debuggable flag to true enables an attacker to debug the application, making it easier for them to gain access to parts of the application that should be kept secure. https://developer.android.com/privacy-and-security/risks/android-debuggable#:~:text=Allowing%20the%20application%20to%20be%20debuggable%20in%20itself,and%20resources%20used%20by%20the%20application%20than%20intended. Not Applicable
\.
--
-- Data for Name: issuetemplates; Type: TABLE DATA; Schema: public; Owner: postgres
--
COPY public.issuetemplates (id, tpl_name, name, description, url_path, cvss, cwe, cve, status, type, fix, param, fields, variables, user_id, team_id, technical, risks, "references", intruder) FROM stdin;
41a72c52-fadc-4f06-80f0-a8746bcf9b57 Unauthenticated SQL Injection Unauthenticated SQL injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behaviour. 9.5 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Need to recheck web Most instances of SQL injection can be prevented by using parameterized queries (also known as prepared statements) instead of string concatenation within the query.\r\nThe following code is vulnerable to SQL injection because the user input is concatenated directly into the query:\r\n\r\nString query = "SELECT * FROM products WHERE category = '"+ input + "'";\r\nStatement statement = connection.createStatement();\r\nResultSet resultSet = statement.executeQuery(query);\r\nThis code can be easily rewritten in a way that prevents the user input from interfering with the query structure:\r\nPreparedStatement statement = connection.prepareStatement("SELECT * FROM products WHERE category = ?");\r\nstatement.setString(1, input);\r\nResultSet resultSet = statement.executeQuery();\r\n\r\nParameterized queries can be used for any situation where untrusted input appears as data within the query, including the WHERE clause and values in an INSERT or UPDATE statement. They cannot be used to handle untrusted input in other parts of the query, such as table or column names, or the ORDER BY clause. 
Application functionality that places untrusted data into those parts of the query will need to take a different approach, such as white listing permitted input values, or using different logic to deliver the required behaviour.\r\n\r\nFor a parameterized query to be effective in preventing SQL injection, the string that is used in the query must always be a hard-coded constant and must never contain any variable data from any origin. Do not be tempted to decide case-by-case whether an item of data is trusted and continue using string concatenation within the query for cases that are considered safe. It is all too easy to make mistakes about the possible origin of data, or for changes in other code to violate assumptions about what data is tainted.\r\n {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. https://portswigger.net/web-security/sql-injection\r\nhttps://www.acunetix.com/websitesecurity/sql-injection/
667bdd67-b12d-4ce7-bbdf-ebceec01b35c Directory Listing Directory Listing Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. 4.7 0 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Need to recheck custom There is not usually any good reason to provide directory listings and disabling them may place additional hurdles in the path of an attacker. This can normally be achieved in two ways:\r\n•\tConfigure your web server to prevent directory listings for all paths beneath the web root.\r\n•\tPlace into each directory a default file (such as index.htm) that the web server will display instead of returning a directory listing.\r\n {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c Directory listings themselves do not necessarily constitute a security vulnerability. Any sensitive resources within the web root should in any case be properly access-controlled and should not be accessible by an unauthorized party who happens to know or guess the URL. Even when directory listings are disabled, an attacker may guess the location of sensitive files using automated tools https://portswigger.net/kb/issues/00600100_directory-listing\r\nhttps://www.acunetix.com/vulnerabilities/web/directory-listings/
d77ea433-8cf9-4ef7-8e61-02f8c0b47354 Cross Site Scripting (XSS) Cross Site Scripting (XSS) Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data. 8.3 0 Need to recheck custom Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.\r\nIn general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:\r\nFilter input on arrival. At the point where user input is received, filter as strictly as possible based on what is expected or valid input.\r\nEncode data on output. At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.\r\nUse appropriate response headers. To prevent XSS in HTTP responses that are not intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.\r\nContent Security Policy. 
As a last line of defence, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.\r\n {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application. https://portswigger.net/web-security/cross-site-scripting
9d3431b5-c597-4496-9f9c-613faba56e94 Insecure File Upload Insecure File Upload Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. 0 0 Need to recheck custom Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded. {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 1. Server-side attacks: The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, or exploit the local vulnerabilities, and so forth.\r\n\r\n2. Client-side attacks: Uploading malicious files can make the website vulnerable to client-side attacks such as XSS or Cross-site Content Hijacking.\r\n\r\n3. Uploaded files can be abused to exploit other vulnerable sections of an application when a file on the same or a trusted server is needed (can again lead to client-side or server-side attacks)\r\n\r\n4. A malicious file such as a Unix shell script, a windows virus, an Excel file with a dangerous formula, or a reverse shell can be uploaded on the server in order to execute code by an administrator or webmaster later – on the victim’s machine.\r\n\r\n5. An attacker might be able to put a phishing page into the website or deface the website.\r\n https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
458a828a-f5b9-48f9-9343-6262f5b4d246 File Information Disclosure File Information Disclosure An information disclosure vulnerability exists in the remote web server due to the disclosure of the web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive configuration information. 0 0 Need to recheck custom Declare this rule in .htaccess (on Apache 2.4 the equivalent of the deny lines is Require all denied). For example:\r\n\r\n<files filename.ext>\r\n order allow,deny\r\n deny from all\r\n</files> {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c An unauthenticated, remote attacker can exploit this file, via a simple GET request, to disclose potentially sensitive configuration information. https://wordpress.stackexchange.com/questions/5400/prevent-access-or-auto-delete-readme-html-license-txt-wp-config-sample-php\r\nhttps://stackoverflow.com/questions/11728976/how-to-deny-access-to-a-file-in-htaccess
ce941fa7-ac82-49e8-98a0-56f1db9794fb htaccess file disclosure .htaccess Disclosure The remote web server discloses information via HTTP request. 5.4 0 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Need to recheck custom Change the configuration to block access to these files by set in .htaccess\r\n<Files ~ "^\\.(htaccess|htpasswd)$">\r\ndeny from all\r\n</Files> {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c The server does not properly restrict access to .htaccess and/or .htpasswd files. A remote unauthenticated attacker can download these files and potentially uncover important information.\r\n https://www.tenable.com/plugins/nessus/106231\r\nhttps://stackoverflow.com/questions/11831698/trying-to-hide-htaccess-file
bfa2cd13-67f3-4a17-9bcf-3716053f92e9 Joomla XML disclose file and version Joomla XML disclose file and version Joomla allows access to the joomla.xml file 4.3 0 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Need to recheck custom The joomla.xml file is often unused and can be removed from the server. Alternatively, deny access to the file by configuring .htaccess. Note that the pattern below matches every file in the directory the rule applies to, so narrow it to the manifest file name if other files there must stay reachable.\r\n\r\n<Files ~ "^.*">\r\n Deny from all\r\n</Files> {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c An attacker is able to obtain the file tree and the versions of plugins used in Joomla https://forum.joomla.org/viewtopic.php?t=1005483\r\nhttps://forum.joomla.org/viewtopic.php?t=902633
03898ae8-ff1b-4c02-a1d5-a4c41797fdae Joomla Sensitive Folder disclosure Joomla Administrator Folder disclosure The Joomla Administrator folder can be accessed without any authentication 3.5 0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Need to recheck custom Implement zero trust by restricting access to the admin folder and allowing only specific IP addresses. This can be done by creating an .htaccess file in the root of the Administrator folder and adding the following code:\r\n\r\n<Limit GET POST>\r\n order deny,allow\r\n deny from all\r\n allow from 192.168.x.x\r\n</Limit> {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c An attacker might be able to gain information such as plugin versions and details of the system https://www.itsupportguides.com/knowledge-base/joomla-tips/joomla-how-to-use-htaccess-to-protect-the-administrator-directory/#:~:text=As%20a%20Joomla%20administrator%20one%20of%20the%20simplest,you.%20This%20can%20be%20done%20quite%20easily%20using.htaccess.
cff57190-3561-4344-89d4-e827f02c6db9 Error disclose information Error Message Disclose Sensitive information The application error message discloses sensitive information such as path and line of code. 5.3 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Need to recheck custom Create custom error pages or show only general information like "server encounter error". {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c An attacker may use this information to craft an exploit to bypass the restriction. https://www.php.net/manual/en/function.oci-error.php
c4a2d27b-a851-42c2-9926-07274f43dcbf Broken Access Control Broken Access Control able to view other loan details Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested. In the context of web applications, access control is dependent on authentication and session management:\r\n\r\n•\tAuthentication identifies the user and confirms that they are who they say they are.\r\n•\tSession management identifies which subsequent HTTP requests are being made by that same user.\r\n•\tAccess control determines whether the user can carry out the action that they are attempting to perform.\r\n\r\nBroken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation. Access control design decisions have to be made by humans, not technology, and the potential for errors is high.\r\n 8.5 0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Need to recheck custom Access control vulnerabilities can generally be prevented by taking a defense-in-depth approach and applying the following principles:\r\n\r\n•\tNever rely on obfuscation alone for access control.\r\n•\tUnless a resource is intended to be publicly accessible, deny access by default.\r\n•\tWherever possible, use a single application-wide mechanism for enforcing access controls.\r\n•\tAt the code level, make it mandatory for developers to declare the access that is allowed for each resource, and deny access by default.\r\n•\tThoroughly audit and test access controls to ensure they are working as designed.\r\n {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c An attacker might be able to perform horizontal and vertical privilege escalation by altering the user to one with additional privileges while bypassing access controls. 
Other possibilities include exploiting password leakage or modifying parameters once the attacker has landed in the user's accounts page, for example. https://portswigger.net/web-security/access-control/idor\r\nhttps://www.kiuwan.com/blog/owasp-top-10-2017-a5-broken-access-control\r\nhttps://portswigger.net/web-security/access-control\r\n
402e1ffe-9a1f-4ecc-b6ca-6b5f1b6c484f Server Header Disclosure Server Header Disclosure The remote web server discloses information via HTTP headers. 4.3 0 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Need to recheck custom Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server. {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages used by the web server. https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710
d542f8f9-b424-44de-9b78-6bb187ce0f2a Excessive data on Response Excessive data on Response leads to sensitive data exposure This vulnerability is highlighted by the Open Web Application Security Project (OWASP). The API developer sends more data than required to the client. The client-side has to filter the information to show it to the user, thus leaving a lot of unused data. 7.5 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Need to recheck custom 1. Instead of relying on the client-side to filter the data, this operation should be performed on the server before sending the data. The client-side should only take the data and render it on the screen.\r\n\r\n2. Another thing that you can do is to ensure only the data the client has requested is sent to them. You are not sending any unnecessary information.\r\n\r\n3. To ensure that you are not sending sensitive data, you can also categorize your data as admin, personal, or sensitive information. {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c The man-in-the-middle is the most common attack that can exploit this information as the data can be intercepted by the unwanted personnel when it is in transit. The data can later be used to perform different actions on the website. It can be sold to the highest bidder. https://rapidapi.com/guides/excessive-data-exposure\r\nhttps://owasp.org/API-Security/editions/2019/en/0xa3-excessive-data-exposure/
a4284106-f4ca-4fe6-b050-84574c87c47f Hardcoded Credentials Hardcoded Credentials The application stores hardcoded credentials that can be viewed by anyone. 4.3 0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Need to recheck custom Store the credentials/key properly in a safe place. For an Android APK, store the key in gradle.properties. A key injected at build time is still present in the built APK, so also restrict what the key is allowed to do on the provider side. {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c An attacker might be able to use the credentials or key to access sensitive information or incur excessive billing charges. https://stefma.medium.com/something-about-google-api-keys-how-to-secure-them-and-what-firebase-got-to-do-with-this-e10473637ed3\r\nhttps://medium.com/@dugguRK/secure-android-api-keys-f865b344808c
bebe0321-02f8-4f29-bd5e-bb7b7e2be357 Android Debug mode enabled Android Debug mode enabled The android:debuggable attribute sets whether the application is debuggable. It is set for the application as a whole and can not be overridden by individual components. The attribute is set to false by default. 3.5 0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Need to recheck custom Always make sure to set the android:debuggable flag to false when shipping your application. {} {} 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c Allowing the application to be debuggable in itself is not a vulnerability, but it does expose the application to greater risk through unintended and unauthorized access to administrative functions. This can allow attackers more access to the application and resources used by the application than intended.\r\n\r\nSetting the android:debuggable flag to true enables an attacker to debug the application, making it easier for them to gain access to parts of the application that should be kept secure. https://developer.android.com/privacy-and-security/risks/android-debuggable#:~:text=Allowing%20the%20application%20to%20be%20debuggable%20in%20itself,and%20resources%20used%20by%20the%20application%20than%20intended.
\.
--
-- Data for Name: logs; Type: TABLE DATA; Schema: public; Owner: postgres
--
COPY public.logs (id, teams, description, date, user_id, project) FROM stdin;
e8624c4f-5d9c-4a0a-988c-5890019b8052 [] Project MADA WASA was created! 1715642235 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c
59ffefa3-ee5d-4881-b12b-e7ad801f5234 [] Added issue template "Unathenticated SQL Injection" 1715642342 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c
fb7c82c5-d506-43ae-950e-398d2201c4a7 [] Added issue template "Directory Listing" 1715642342 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c
c76e08ad-f962-42e2-b05b-709c65f164b4 "\\"[]\\"" Added ip mada.gov.my 1715642911 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
0247d4ba-c0bb-40a9-880f-bb47aaf25018 "\\"[]\\"" Added ip mada.gov.my 1715643019 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
954e279e-07e7-4bd6-bd0f-7933f1e2c89d "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715643394 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
3dbfcf0b-ce4e-4bb1-9ccb-49ee7b40c3a0 "\\"[]\\"" Updated issue Unauthenticate SQL injection 1715643447 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
8bb5256b-5f9c-4cdf-b1f1-132c977b166f "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 0.0 1715643517 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
33a83e97-3a93-4fb6-aa5b-6e1fe2ca56d8 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.5 1715643540 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
e03116aa-6b11-4736-b639-a0ea80429b7b "\\"[]\\"" Added ip portal.mada.gov.my 1715643660 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
f3a756ac-fe4c-40d0-bae4-97d6c2c50dcd "\\"[]\\"" Added ip hrms.mada.gov.my 1715643677 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
68e0e1e0-3757-43bd-8992-061a992e0324 "\\"[]\\"" Added issue "Directory Listing" 1715643688 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
e132f0a8-7241-4522-bccc-2f01e95f2b27 "\\"[]\\"" Updated issue Directory Listing 1715643695 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
1ceaebfe-1245-4dc4-8620-4aa08eda39c5 "\\"[]\\"" Updated issue Directory Listing 1715643759 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
9de31594-2101-4318-b2ce-82e14ede2c50 "\\"[]\\"" Added new file report_2024-05-14T07:43:37.zip 1715643817 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
612400e8-df53-4460-9c34-f084a7885107 "\\"[]\\"" Added new file report_2024-05-14T07:43:38.zip 1715643818 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
bc86d0d6-ded0-4938-9fe5-ad44b5c6ea2a "\\"[]\\"" Added new file report_2024-05-14T07:47:06.zip 1715644026 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
da25f407-d5a1-4f52-943e-859f66508dcf "\\"[]\\"" Added new file report_2024-05-14T07:47:06.zip 1715644027 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
ed33a8ed-646a-417e-a8dd-ca63e7101722 "\\"[]\\"" Added new file report_2024-05-14T07:47:23.zip 1715644043 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
fc5c642d-d003-4e50-b4bf-604252fa90bf "\\"[]\\"" Added new file report_2024-05-14T07:47:24.zip 1715644044 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
d5867bcf-c796-48a6-9bfd-b7302a3bcc4e "\\"[]\\"" Added new file report_2024-05-14T07:47:59.txt 1715644079 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
becb6989-0dad-4e0a-b6ba-d01d619cffbe "\\"[]\\"" Added new file report_2024-05-14T07:47:59.txt 1715644079 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
6ee4f2c8-970e-4d82-a820-8b05c8b7cf23 "\\"[]\\"" Added new file report_2024-05-14T07:48:17.docx 1715644097 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
cb9258b4-41c7-4a5a-ad1e-65f3b35ac859 "\\"[]\\"" Added new file report_2024-05-14T07:48:17.docx 1715644098 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
2581b3b5-66fa-49bf-86af-13c3057818c2 "\\"[]\\"" Added new file report_2024-05-14T07:48:59.docx 1715644139 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
5f0113d1-264b-4b75-93e9-1f6120ef3910 "\\"[]\\"" Added new file report_2024-05-14T07:48:59.docx 1715644140 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
97d9e16d-0c87-4a6a-9ca5-6e221f4fb2a6 "\\"[]\\"" Added new file report_2024-05-14T07:49:14.docx 1715644155 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
98e2c3c7-2f01-467c-b81f-5ef20e4583bf "\\"[]\\"" Added new file report_2024-05-14T07:49:17.docx 1715644158 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
f47d459c-dc0c-4ae8-b4de-91d8fcf00fe3 "\\"[]\\"" Added new file report_2024-05-14T07:49:50.docx 1715644191 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
92458764-7383-4f88-af68-4c7c0314f85a "\\"[]\\"" Added new file report_2024-05-14T07:50:13.docx 1715644214 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
84ca52f1-bd9f-4284-90eb-1ae2fbde0cb9 [] Project EPT 13/5 was created! 1715679421 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c
6d3db5e0-ea60-4008-8cc5-25f6ecbb955e "\\"[]\\"" Added ip uat-admin.myinvois.hasil.gov.my 1715679819 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
a0d90de8-c2cd-4d08-92cf-40266256fe6d "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715680647 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
d5293df5-78fb-4590-b027-c7e462391ad6 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715682025 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
141c4369-f6bd-49a3-b517-53fde24144a2 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682025 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
1a982d3c-c7f7-444e-906c-f62e1f3f08c0 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 7.8 1715682286 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
b4fb0e95-b525-4a43-87c7-fc022c79ae52 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 7.8 1715682294 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
dc8b39ee-4e35-4e2a-a0a3-08bccb7c500d "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682316 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
7df893ae-f786-46e3-ba58-45362d234b1f "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682372 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
f7a6d8e5-20a2-4646-bf30-4c80fa4d9648 [] Added issue template "Insecure File Upload" 1715707256 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c
fb0e68b9-8640-4be2-ba17-438c211b1a62 "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715682440 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
164e9b85-60a0-4abc-8d0d-0a5330682a8a "\\"[]\\"" Deleted Issue Directory Listing 1715682440 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
1a236e3b-7258-4f8b-8cca-327298d81063 "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715682462 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
47d8d66a-cd5f-4dcb-b262-35e26603b5dc "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715682471 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
496ba7e3-21dd-441e-a61a-343dd3354b28 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682779 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
53168801-9661-4286-adc4-cc66cd2231b1 "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715682826 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f6beadc3-a536-4b9a-a12b-3248360f9f85 "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715682830 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
eedc0638-4016-49ee-b107-13c860e97b9d "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715682843 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
7439e39c-bd42-4448-8f6c-b979c0bf09aa "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682843 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
ad565d5d-4a18-4bf0-ae31-902742358c00 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715682850 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
3c1fb8fb-473c-4d0c-85b2-d3910ed4e075 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682858 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
1cf81fd0-fd65-4650-8307-0db8dbbc73e4 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682888 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
5dec0b46-96db-40a9-a2ca-fae0e312c51c "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715682890 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8697388e-5e42-41e8-8daa-110524b4eb33 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682895 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
418b913c-f349-4010-a819-b96f8034131b "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715682903 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
eb5541e2-6858-4c52-b750-a40c0773c5b7 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.6 1715683014 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
6130849b-ad6d-4f0b-bd48-f9c822df55ad "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.6 1715683016 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
ff3ee60a-c3f0-40d5-84fc-16a3dafad7a0 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683017 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
5c80b06c-6e0f-440c-af3e-ebffa0d9df94 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.6 1715683017 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f330bce2-c02b-44d0-8800-666faa54af89 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.6 1715683017 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
71cd1ff3-d8b3-4aa3-a7d3-e025466d6bc3 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.6 1715683017 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c3fb08c2-12de-4c78-a5ec-34a6a16251e6 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.6 1715683018 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
cfabda05-a711-4810-a257-b5d68d3f7884 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683051 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8d812667-38b2-4e09-90c1-eba98f154f9f "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683108 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
d6411d20-6b6e-4955-96e8-95a2855ae4e1 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683119 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
074a8bb8-a343-4052-94e9-486e15ed310e "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683119 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
f5850a56-183c-41e1-b719-37e641a8558e "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683122 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
86b7649c-18b0-4211-a2d7-c44575c52158 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683124 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
d35f7387-e611-4cca-81a5-53bfdddd1166 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683310 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
1633e444-d273-4c4f-944d-ffcd79b74afd "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683312 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
667f39ba-5147-47d3-ac8d-d08ec3224085 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683312 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
525ab1c8-6d8f-4846-bf1a-061a6321dd6a "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683313 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
84d293db-cc55-4901-b476-41cbc57ebd70 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683314 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
6801c25f-05e6-42ee-9d1b-e1d077596d3b "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683315 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
90efa295-6972-4e21-9874-0cb97fb846ee "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683315 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
913ee90c-addd-4bda-bbc0-e1da621eccd2 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683316 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
3132eae5-00fe-4dd8-8d3c-568b3def5dc9 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683316 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
f98c458f-9fc4-49b1-894f-6e7cd0c0b520 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683322 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
586de72f-a740-4c32-94cd-c323614b4864 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683343 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
934a967f-fde1-4551-aaee-1e75a1d5771b "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683344 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
c159cb08-37ff-48d3-9770-cf0d1bac07a6 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683345 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
fc91989c-ed6c-40b9-b9a7-f232b45ccca1 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683345 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
d8992936-bae2-40bd-a09c-365d4256e891 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 8.8 1715683358 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
d95b85b8-2581-4838-813e-85fe194dcbfa "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683390 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
3d12fef4-8f1f-406f-a45e-b67e6a1c2453 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683390 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
aaf03a33-3bfe-4be4-8e9c-694262254564 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715683405 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
0344610f-6757-45ef-a856-5676ac7a0a08 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683435 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
9acc2225-8544-46ac-b25a-adbf7a22b11b "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683958 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
a2ffc1d4-9f37-4715-a00e-376a2148c954 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683959 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
90ca5ca8-32c4-4c57-8abe-ee9de030ef0c "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683960 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
69bcadfa-09de-476e-8e0d-2ea28497aa81 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683960 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
ef49e39d-b209-453e-a0b7-32c2be7a9ef5 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683960 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
97a3649a-6278-48c1-88cf-181e28a7e318 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683960 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
ee1c7957-bb6f-41f0-bf77-248752960480 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715683960 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
9c59e76d-5ab8-4711-b445-6e48f311d0ec "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715683961 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
69b99330-5ebd-4da3-bd75-52a824de74e8 "\\"[]\\"" Updated issue Unauthenticate SQL injection 1715684187 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
0667b45b-9cba-4f90-a229-6230612d2a80 "\\"[]\\"" Updated issue Unauthenticate SQL injection 1715684193 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
2789bb12-ac70-4315-8f72-411f0470718d "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715684223 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
c5a74b65-4d4e-4f72-b2da-0883f5b06eec "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715684223 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
44d1bbea-6a35-4924-a44d-775ff32b85eb "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715684260 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
d668e6fa-916c-4a24-a286-bed8d9c2a868 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715684262 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
ecf65a75-a637-46f7-a493-73581aabc2ec "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715684331 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
f7bb0ebb-dc4c-4826-9d25-10f8a34df819 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715684360 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
6f56f313-bf67-45da-b1f5-9248f2613a29 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715684361 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
65534fe3-8953-466e-a912-dc8f4d8bdb02 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715684441 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
c7707ff1-2e4c-48e2-99de-3ca7fadf2610 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715684447 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
cc034b1b-af4b-4f65-af49-5ca6d494f90b "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715684840 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
8ea1b1ce-552c-415c-836c-04a77fa7825c "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715684938 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
0fa281de-13c4-400a-8154-ea88c85f3fb5 "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715684938 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
83888c47-4c1b-450c-85f6-4b10542d6bfc "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715685303 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
68090bb0-873d-478d-b6c0-80d813638231 "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715685570 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
e240b056-f8fd-4862-9cab-6ccedb09c0ea "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715686112 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
e8c10e5a-f788-46bc-8cf9-56ebc523fa73 "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715686367 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
7bf85282-3a28-4cd0-ba38-1d0e12f800bd "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715686367 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
9bca1550-9bac-4dac-bc5e-ccdcbfcd72e7 "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715686367 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
a694e28a-72be-44aa-8baf-68fe8a8e86c2 "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715686800 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
22868bb5-e171-4fd5-ad40-dc64e88eab39 [] Added issue template "Cross Site Scripting (XSS)" 1715688148 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c
3d3e56ad-e3a2-4736-a7cf-cf4d202d7e8d "\\"[]\\"" Added issue "Cross Site Scripting (XSS)" 1715688168 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
14d67698-0912-4860-8bca-954910c6bf1d "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715695621 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
ef30b043-ef8e-40ad-8e49-1281343b6663 "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715695627 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
91cd17b3-f834-4198-b36c-2d5904fbf3a3 "\\"[]\\"" Added issue "Unauthenticate SQL injection" 1715695680 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
b0761401-8b60-42ff-87ab-196f1c03ad71 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715695695 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
26ad98bd-fc9a-4f3f-8ea1-b9587b6d1cdb "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715696955 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
b8d3903e-efde-4450-972d-1faf697c4649 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697006 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9dd048bc-4528-4f38-b807-0c12f49cb566 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697006 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e8ab9475-53f8-4a1d-917f-5f7a3b5f752e "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.9 1715697028 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
187de7d0-c74e-42a3-b75e-19df07607f25 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697058 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
1dc907a8-12c7-4925-84dc-b984f508f72d "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.1 1715697070 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
468e976b-dd75-476f-b4d5-a6ca31e5cc58 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 9.1 1715697071 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f7c4f15e-6081-4707-b979-0a7f7d91f0f6 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697101 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
64be7e71-a8ed-43d3-990e-3450e107c774 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697245 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
020c4223-74f8-4b7e-8181-0d022c502dfd "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697247 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9c331a41-ee99-4dbe-b3a9-e8ca27fc13f0 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697248 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
22a04a8e-74a0-4ab5-ba6b-68bd4999b686 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697249 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
be7ee9e8-a3f0-4804-8b44-8dc799515b97 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697249 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f0290657-faa8-4d45-b57a-22c34b9f0a2a "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697249 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
cfe80076-9220-4a53-b469-feeadd5ebb02 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697249 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
6e9c4f66-cd5a-47b8-b6ef-df739247ab64 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697250 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
7396e3db-fe68-4c5d-a990-1e49391af895 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697251 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c9410ebd-4dd9-49d4-98c5-062c320dd7f4 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697785 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
36f3d4dd-11ef-4deb-ae6e-14b1fcda106f "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697787 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
77ac2999-c2e8-49d9-8625-380c4ac8d5d4 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697787 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
47445021-1d69-4f60-8ebd-017ee706f1ac "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697788 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
269039e2-7d09-4274-91ed-72daec9d5815 "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697789 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
a8c552f4-1577-401e-b99b-7fedef615446 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697789 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
a4a67427-2548-48aa-8a23-82b12cfb7fbf "\\"[]\\"" Updated issue Unauthenticate SQL injection field "cvss_vector" 1715697791 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
ba87b71b-0350-4d0a-b36c-29244b261155 "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697791 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
35dfa467-e201-4344-96c2-374d87bb675f "\\"[]\\"" Updated issue Unauthenticate SQL injection cvss to 10 1715697792 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
ccc06fa3-aff0-4bba-a9c8-1698d5f16a35 "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715697829 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8d0c3b6a-2a0e-42e7-8a8d-000d860cb741 "\\"[]\\"" Added issue "Insecure File Upload" 1715707270 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c0021bf2-9ba6-4bf4-86c4-2103f080a7c1 "\\"[]\\"" Updated issue Insecure File Upload cvss to 8.2 1715707293 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
735a3c7a-75a0-478d-b8fe-134a4f2da064 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707305 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
124b9d36-afff-457f-b48c-e5ee23411f1c "\\"[]\\"" Updated issue Insecure File Upload cvss to 8.2 1715707331 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
86e71643-00bc-42b7-a153-b5a48f24033a "\\"[]\\"" Updated issue Insecure File Upload cvss to 8.2 1715707331 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
a8e558f6-5f9a-4376-b05c-aed81bbe96de "\\"[]\\"" Updated issue Insecure File Upload cvss to 8.2 1715707362 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f6d5809c-5372-414c-9232-e61a87f6ab79 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707556 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9b4bde1a-c85e-470e-b218-359b2e60cdea "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707558 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
06a1cca1-f2bc-498f-bf8c-1cdc4fcba78a "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707558 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
acde9f04-f4db-44df-801d-8f149999e555 "\\"[]\\"" Updated issue Insecure File Upload cvss to 8.2 1715707600 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
4cb3977b-4726-41b0-a410-58f3f0e822cc "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715707610 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
5236ecb6-3274-424e-9600-caa035eb5f18 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707610 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
0343fca6-4e5c-45cb-9a7a-b5157faf5397 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715707641 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
479553d6-a854-4173-bf55-1dad2e39e868 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707641 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
17ea0714-5d45-42ef-a271-3703750ac3e9 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715707641 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
38b169e5-23fc-42c7-9373-93a19ce2c2a4 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715707641 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
1523af6c-bbc7-4abf-b5fe-ca777eed3f35 "\\"[]\\"" Updated issue Insecure File Upload 1715707668 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c86ec3cb-237b-4c45-a1b3-e8d7fc15e8a7 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707722 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
dff78ee2-1ac9-434b-a8cb-ac354f991678 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715707725 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
192c7062-29e6-452b-bcf2-5ec1e0358c79 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715707725 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c9835fd2-057f-4d95-be12-62d145c0de3e "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707725 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8c94cd70-af24-4c91-9677-e2361d45c1fa "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707725 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
77097eea-155c-41d8-ada5-f8a8350d7f8e "\\"[]\\"" Updated issue Insecure File Upload 1715707734 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
6f095c6e-3ca9-4865-8f70-ce5a7483739d "\\"[]\\"" Updated issue Insecure File Upload cvss to 0 1715707971 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e5e53b3a-c426-417b-9d11-c8b9fcea851b "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715707972 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c1383938-421e-4bdb-8e98-6fbbfa128716 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708006 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
72c1f247-1bd7-4bf1-a673-eb20f7860e41 "\\"[]\\"" Updated issue Insecure File Upload 1715708033 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e550de25-7e4a-4c83-ab6b-f6a4f409e1cc "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708057 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
d5847662-49cf-48c5-a930-c705fa48f469 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708057 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
b1649f72-c61c-486a-b92f-cd316233f6ce "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708058 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
4b701fb1-23c2-4935-a859-6b56211d620d "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708058 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
7ba076a1-7cad-4867-bf20-8aa4f64f6453 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708059 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
b2ebff0f-eb50-4521-a009-8c404b3a6150 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708402 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c5dc914c-a9c0-49f0-ace8-28ca24816977 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.6 1715708439 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9242cfe2-3619-4377-89a5-989d555db6ae "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708460 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
748144b6-122a-4047-95fa-42f1a0c7abf8 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708460 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
928458cb-c253-4a6c-874b-3361d43d5541 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708461 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
bdfc3b1c-119d-4b28-a55b-c55bbba1db1e "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708461 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
fd8606c3-a08b-4591-be7c-cfeeb411f7cf "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708461 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c3bd8543-4cc6-4bbe-aa58-a5976ac83604 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708489 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c964620d-ca4b-453f-8aa8-0dd73406caa1 "\\"[]\\"" Updated issue Insecure File Upload 1715708659 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c3a02809-c1ce-4e73-a851-b03a791f9699 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708710 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9024877c-2395-47fc-bf67-412179362af2 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708710 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
b1d7558e-30db-4222-9caf-e30eee0eab25 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708711 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
3448e800-26da-4965-94c4-989afafd9d05 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708711 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
95e3e06d-44f8-4ba6-b353-3af70b2a054a "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708712 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e49c9a28-d8dc-4e1d-a1b7-b78073306d26 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708729 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
a4ac5b8d-ba31-4154-89a0-b2cc76315507 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708729 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8daca8c4-714e-425d-a594-71ea8a7008dc "\\"[]\\"" Updated issue Insecure File Upload cvss to 6.3 1715708745 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9bc18f84-4b73-4015-a462-f6c7f6e2a6f2 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708745 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
766ef13a-5fc8-42e7-addf-fd34304d92d0 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715708767 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8001e933-4ec3-4b80-be51-20ce2d9cbfc3 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715708778 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f53bc737-c4ae-4103-84d6-885a8ffbb562 "\\"[]\\"" Updated issue Insecure File Upload cvss to 6.3 1715709008 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9d69786b-45d0-4a5b-8c7b-947b3731211e "\\"[]\\"" Updated issue Insecure File Upload cvss to 6.3 1715709119 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e9161a66-1341-4c8f-8724-9b8ed6ed4a55 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715709119 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
0344b345-75d0-42cc-b6e8-4ed2566d1cd7 "\\"[]\\"" Updated issue Insecure File Upload cvss to 6.3 1715709120 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
60648eb5-83ad-4eac-bbff-04f0b28e6081 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715709120 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
3faacfc5-dee7-4cfa-a9fc-fc25dfcc9b8b "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715709120 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
1379cce1-d487-47f2-abd0-0821e05fa99e "\\"[]\\"" Updated issue Insecure File Upload cvss to 6.3 1715709132 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
59aff438-2050-4112-9ad0-383c5fa5bf26 "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715709132 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
b0b330f8-66a2-4b1f-92e5-58391f8f6053 "\\"[]\\"" Updated issue Insecure File Upload cvss to 6.3 1715709132 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
07fe3d9f-58b0-4e51-b742-8cc2bf816ac6 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709140 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
0f0e58f5-380c-4b41-8119-a3998e74f18d "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709170 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
32c21e8a-881c-4349-b63c-654dae38f6a8 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709170 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
396469e4-a3af-47d4-91a0-fdfcc5e6bd83 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709171 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
a277eb26-d145-408c-8a7a-ff1f8861fdad "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709171 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
79f40c4c-8065-43c5-872e-027e2c15a32d "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709171 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8aa18a3d-eb9c-4aa3-afbe-0f2efc847085 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709172 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
7c29d5db-3512-47d1-b76e-b3e6f224c267 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709172 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c8f60a16-d38b-44f9-954d-4be473fd633d "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709172 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f5054a22-74a9-4f9b-9af2-75f48668b9a3 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709172 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
5d6e83cc-4028-4bf0-947f-2ea2c8d856c0 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709172 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
2c399a66-e8a9-4bae-9ce6-2d4031bca2ae "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709172 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
82aa1707-9799-4207-ba2c-496c554eaca1 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709173 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
3b343c2e-4ee2-4372-9a37-4f1d34155ae3 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709173 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
874bd84b-be98-4ad0-94c3-61e359e967c8 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709173 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
792e3b14-98c6-457d-95d6-75f2779d41de "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709173 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
58685195-922e-4427-962e-cd8b56a8c306 "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709175 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
60ced946-8533-480d-a97b-0b53b3e82c73 "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709176 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c9828d89-c7b8-4025-a441-e61e55714901 "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709176 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
026b2a42-f4bd-4278-9892-2d819f0ab8ff "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709176 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
7301251e-8148-4a9b-88b2-e25e6c001e13 "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709176 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e210c7c1-e991-4418-9c1d-c027cfd2630e "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709176 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e595e92a-5d8d-43c5-88e0-5fe7f2e32ea4 "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709176 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
ae560519-8b23-44dd-9dff-e3b201de4e72 "\\"[]\\"" Updated issue Insecure File Upload cvss to 10 1715709177 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
ddb56ab6-6967-4518-bd0d-da3d7d1c5097 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709383 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
09310174-ac4e-4d22-b467-496f56ed7bd6 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709384 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
2c6310d8-f2fa-4ae1-bc87-66db8d07a143 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709384 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
4faa87d2-ec77-41eb-bb9c-a98ffb2bfea4 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709384 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
19c1dcef-a478-4c4b-a69e-c45440f26400 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709384 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
142f4ea9-de71-4814-9770-a0b14180fb80 "\\"[]\\"" Updated issue Insecure File Upload 1715709392 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
4895b399-f048-45ef-820b-7ba4b43c0944 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709479 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
25e127de-ed16-4934-9d07-a030c98854d8 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709480 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
23690006-695b-4a13-841f-c16a47123ec6 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709480 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
5e8fb472-a835-466c-aa40-59e9b49bf40e "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709480 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
5bb9488a-86e9-4bfe-b15a-98bd17e0f1cb "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709481 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
984e65de-79a8-40b0-ac62-493e89710475 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709481 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e54ca8f4-3161-4940-8b47-86b6f2572c2e "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709481 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
8f21cda1-46de-4b95-892e-0c8ddfd5c5ed "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715709590 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
4a0c956e-48f7-4287-95f6-18cb34a7252a "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715709590 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
e2d098b9-d0f1-41d4-8852-445fbe9965fa "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715709590 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
0d7ceade-a6db-4ca9-959b-fedb70122819 "\\"[]\\"" Deleted Issue Unauthenticate SQL injection 1715709590 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
9abde46f-9902-461d-812b-6ea9fc35bb46 "\\"[]\\"" Deleted Issue Cross Site Scripting (XSS) 1715709590 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 926ec7f5-5674-45dc-ae0d-bd996488cb2e
c79e6b7e-a2ee-4d3f-b28f-06221a564d36 "\\"[]\\"" Updated issue Insecure File Upload 1715709617 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f06ccef8-b3c0-4528-8007-e9d691acb4bb "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709780 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
908eefb8-f75f-43d7-aae9-592f03d861cd "\\"[]\\"" Updated issue Insecure File Upload 1715709796 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
4e948824-11f3-465e-98bf-c321a200f6a9 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709867 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
57de0d53-0b7b-43a4-b711-77f1d24bbbb2 "\\"[]\\"" Updated issue Insecure File Upload 1715709882 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
211dc31a-c7a1-4b06-8305-4fc95f542fe7 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715709971 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
ee581124-03d2-4f46-8954-07292b77f791 "\\"[]\\"" Updated issue Insecure File Upload 1715709975 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
fc1d3713-0774-4f2e-b25b-ee7c4d2d3ee6 "\\"[]\\"" Updated issue Insecure File Upload 1715710013 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f5af0326-971a-41cf-8d88-d2953cfcdb0c "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715710016 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c0fb6efd-04a8-4357-8c3e-0eacd5748667 "\\"[]\\"" Updated issue Insecure File Upload 1715710020 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
9f71e50d-38ba-452b-a1fd-7b80e4d1e85d "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715710106 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f6e6966f-72b6-4409-a276-30fb100279ee "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715710108 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
70d6d719-6c9d-42a5-8231-10f9feb381f2 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715710108 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
105c3360-5dc6-49eb-a6fe-baec4a833f4d "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715710108 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e013f4ba-cf24-4f6a-b420-956c4dfdaa5b "\\"[]\\"" Updated issue Insecure File Upload field "cvss_vector" 1715710140 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
c619d5b4-052d-498b-ae57-89d2364e014e "\\"[]\\"" Updated issue Insecure File Upload 1715710146 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
319c6662-87aa-442d-8a55-881e6aed6a02 "\\"[]\\"" Updated issue Insecure File Upload 1715710149 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
f64eaa21-b347-4c28-b096-e10d4e4e8ff6 "\\"[]\\"" Updated issue Insecure File Upload 1715710152 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
065bce4d-7b42-4bf2-a85f-bfdc1dff2d87 "\\"[]\\"" Updated issue Insecure File Upload 1715710193 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
e979aff4-af4d-437d-ab79-ffe67b7860d4 "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715710200 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
94abc0fc-c163-4559-af34-95cb0ce2597a "\\"[]\\"" Updated issue Insecure File Upload 1715710204 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded
d24d73ea-5fdb-4798-a484-7d60b05826ea "\\"[]\\"" Updated issue Insecure File Upload cvss to 7.1 1715710212 543d36eb-8bd5-49cc-a3ba-8812c9ef0d7c 42a774cc-6853-410f-8071-0801b67a9ded