MTN Group: Information disclosure due to debug mode enabled at Laravel instance https://mpos.mtn.co.sz/
The Laravel framework contained a vulnerability known as CVE-2021-3129, which allowed remote code execution due to unsafe usage of PHP in the Ignition debug module. This vulnerability was relatively easy to exploit and did not require user authentication, resulting in a high CVSS score of 9.8. Th...
MTN Group: Unauthenticated phpinfo() files could lead to ability file read at █████████
The remote web server contained a PHP script that exposed sensitive information about the server's configuration through the phpinfo function. This information could have been used by an attacker to conduct further attacks against the system...
MTN Group: Yet Another OTP code Leaked in the API Response
The OTP code was leaked in the API response, which compromised the purpose of its implementation. The application requested a phone number for authentication and sent an OTP code to the user, but the OTP was returned in the API response, exposing it to potential misuse...
mtn-resorts.com Cross Site Scripting vulnerability OBB-3949298
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MTN Group: Unauthenticated phpinfo() files could lead to ability file read at h2f54.n1.ips.mtn.co.ug [/dashboard/]
The phpinfo files at h2f54.n1.ips.mtn.co.ug were left unauthenticated, potentially allowing remote attackers to obtain sensitive information about the web server configuration...
mtn-resorts.com Cross Site Scripting vulnerability OBB-3946286
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mtn-stadium.com.kh Cross Site Scripting vulnerability OBB-3936925
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MTN Group: FULL ACCOUNT TAKEOVER
The self-service portal at https://mymtn.com.ng/ allowed an attacker to take over any Nigerian MTN phone number. The attacker was able to access the account holder's personal information, such as date of birth and full name. The attacker also had the ability to use any available airtime on the...
MTN Group: CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug
The JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allowed remote attackers to obtain sensitive information about deployed web contexts via a request to the status servlet, as demonstrated by a full=true query string. This issue was caused by a regression fr...
MTN Group: Improper Access Controls (Admin Path)
The vulnerability involved improper access controls that allowed the admin path "/wp-admin/admin-ajax.php" to be accessed on the "https://nin.mtn.ng/" website. This could have potentially allowed unauthorized access to sensitive information...
MTN Group: Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin=<VULNERABLE>
The reflected XSS vulnerability was found in the 'nin' parameter of the 'https://nin.mtn.ng/nin/success' endpoint. Successful exploitation allowed an attacker to execute arbitrary JavaScript in the victim's browser...
SUSE CVE-2010-4098
monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command...
MTN Group: PHP info page disclosure in ██████████
The PHP info page was disclosed, which provided detailed information about the system and PHP configuration, including the exact PHP version, operating system, and internal IP addresses...
MTN Group: Reflected cross site scripting (XSS) attacks
The vulnerability summary is as follows: Reflected XSS attacks occur when a malicious script is reflected off of a web application to the victim's browser. The vulnerability is typically a result of incoming requests not being sufficiently sanitized, which allows for the manipulation of a web...
MTN Group: Leaking usernames through WordPress endpoints
The WordPress API exposed user information, including usernames, through a publicly accessible endpoint at https://alt.mtn.com/wp-json/wp/v2/users. This allowed an attacker to enumerate valid usernames on the site...
MTN Group: WordPress users disclosure [/wp-json/wp/v2/users/] Not Resolved
On this report (735586) you closed the report and changed the status to Resolved, but it's not resolved. The bug is still there. URL: https://www.mtn.com/wp-json/wp/v2/users/ Sorry to say this, but I can still reproduce this issue. Please remove the /wp-json/wp/v2/users/ file if your domain doesn't use that...
MTN Group: No rate limit in OTP code sending
The submission describes a vulnerability in the OTP (One-Time Password) code sending functionality of the MTN Play website. The vulnerability allows an attacker to send an unlimited number of OTP codes without any rate limiting, potentially flooding the victim's mobile inbox. The vulnerability was...
MTN Group: Reflected XSS
The Reflected XSS vulnerability was discovered on the website www.mtn.bj. The vulnerability was triggered by entering a malicious payload in the Messages section, which resulted in the execution of the payload on the client-side...
MTN Group: Reflected XSS in chatbot
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. Pro...
MTN Group: Authentication Bypass Leads To Complete Account Takeover on ██████████
The application's backend logic placed too much trust on the login information submitted by the user, which allowed a remote attacker to bypass authentication and perform account takeover...