henschotermeer-exploits

Multiple exploits found while sniffing the Henschotermeer site.

The exploits were found on July 31st (0008-0009) and August 12th (0010). The exploits were reported to Henschotermeer on August 13th following Coordinated Vulnerability Disclosure principles. PTG-2021-002 was found on 2021-02-13.

To our knowledge, PTG-2020-0010 was fixed on 2020-09-07. PTG-2020-0008 and PTG-2020-0009 were fixed on an unknown date.

PTG-2021-002 was fixed on 2021-04-01.

The exploits

  1. PTG-2020-0008: Bypass of the ticket blockade
  2. PTG-2020-0009: Use of incremental ticket identifiers
  3. PTG-2020-0010: Unsafe download link causes personal data leak
  4. PTG-2021-002: Client-side payment processing causes free tickets through code injection