KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Vulnerability Found: IntravNews

This find was unique in that the result of me reporting the vulnerability to the owner, was in fact the owner taking the site down all together.  It has been a little over a month and the site is still down.  The site sold some pretty old software, so I am not sure if they just forgot the site existed still.

  • Vulnerability Type:  Unsecured web service
  • Implications:  No authentication was in place on this web service.  I was able to successfully generate a license key for the software sold by IntravNews.
  • Company Response: No response.
  • Date Reported: 30/09/2014

Note: The license key generated was not used. It was done as a proof of concept and was sent to the owner so they could blacklist the key.

asmxlicenseresolvedservicetheftunsecuredweb

Kalypto • November 1, 2014


Previous Post

Next Post