Back to directory
WRITEUP #528

Multiple Vulnerabilities On GestSup 3.2.44

Auth BypassAccount takeoverSQL injectionStored XSSSecurity code review
by@_Worty(Pierre Martin)
Program
GetSup
Published
Jan 22, 2024
Added to HackDex
Feb 1, 2024
Read Full Writeuphttps://www.synacktiv.com/advisories/multiple-vulnerabilities-on-gestsup-3244
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
SQL InjectionReverse engineering
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass
Forced SSO Session Fixation
Auth BypassSSO
Account takeover on 8 years old public program
Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat