Lucene search
+L

95 matches found

Hacker One
Hacker One
added 2022/09/18 10:24 a.m.58 views

MTN Group: Exposure Of Admin Username & Password

Hello Team, Ther an exposure of your username and password on this subdomain https://engage2.mtnonline.com/nc/ Exposed Credentials uid: "mtnng", passwd: "bd31568138edbfc0552a1ecc6886ea5c", Steps To Reproduce: Visit https://engage2.mtnonline.com/nc/ Now, press CTRL+U to view the source code of thi...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2022/09/12 1:25 p.m.30 views

MTN Group: IDOR [mtnmobad.mtnbusiness.com.ng]

Steps To Reproduce: 1. Go to https://mtnmobad.mtnbusiness.com.ng//dashboard/home with burp proxy 1. Intercept a POST request to /app/dashboardData and review its response you will see emails and ids 1. Go to https://mtnmobad.mtnbusiness.com.ng//userProfile 1. change name, mobile, address etc. and...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2022/09/06 3:11 a.m.8 views

MTN Group: Firebase credentials leak

Summary: This report is regarding the fix of 1351329. The fix is not patched fully, comments are visible to anyone and an attacker can utilize this for further attacks. Steps To Reproduce: go to : view-source:https://mpulse.mtn.ng/ search for 'Initialize Firebase' as you can see the firebase...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2022/08/22 6:7 p.m.22 views

MTN Group: Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server

A remote code execution vulnerability was discovered in Pentaho Business Analytics Server. By uploading a specially crafted Pentaho report file using default credentials, an attacker could achieve arbitrary code execution...

8.5AI score
Exploits0
Hacker One
Hacker One
added 2022/07/22 11:3 a.m.29 views

MTN Group: Reflected xss on videostore.mtnonline.com

Summary: Hi, I found reflected xss vuln on videostore.mtnonline.com Steps To Reproduce: 1. Open browser 2. Go to...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2022/07/15 5:47 p.m.10 views

MTN Group: String length restriction byepass at https://callerfeel.mtnonline.com/profile/feedback.html

Summary: Hi, hope you are well : I found that the attacker can bye pass the lenght restriction of user name at the feedback form Steps To Reproduce: F1823237 Impact Attacker can make the receiver page to delay and can cause application level dos Mitigation: Restrict the lenght of the string in...

Exploits0
Hacker One
Hacker One
added 2022/04/14 8:48 p.m.21 views

MTN Group: Information Disclosure Leads To User Data Leak

Information disclosure is when a web application fails to properly protect confidential information, which causes revealing sensitive information or data of the users or anything related to users to any third party. Summary: Am able to get any MTN users data such as FULL NAME, CUSTOMER TYPE AND...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2022/04/11 12:18 a.m.20 views

MTN Group: Unprotected Direct Object Reference

Hello MTN Security Team, During my hunting, I discovered that there's an Insecure Direct Object Reference on https://nin.mtnonline.com Vulnerable Path: https://nin.mtnonline.com/nin/success?message=1 Steps To Reproduce: You may not even require to submit any NIN before accessing this unprotected...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2022/04/04 5:26 p.m.11 views

MTN Group: Open redirection at https://smartreports.mtncameroon.net

Summary: Hello, I found open redirection on https://smartreports.mtncameroon.net Steps To Reproduce: 1. Go to https://smartreports.mtncameroon.net//example.com/..;/css 2. Redirection to example.com Impact Open redirection vulnerability can redirect users to malicious sites that harm users...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2022/03/19 2:54 p.m.84 views

MTN Group: Download full backup [Mtn.co.rw]

Summary: I discovered few critical vulnerabilities here, one of them is exposed backup files via directory listing. Steps To Reproduce: go to https://mtn.co.rw/mtn.zip and download the file extract the file and open you will see the full backup of the website Similar report:...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2022/03/01 10:15 p.m.9 views

MTN Group: cross site scripting reflected

The vulnerability was a cross-site scripting XSS flaw that allowed arbitrary JavaScript to be executed on the target website. The payload '-alert1-' was reflected in the website's output, demonstrating the presence of the vulnerability...

5.9AI score
Exploits0
Hacker One
Hacker One
added 2022/01/17 11:44 a.m.25 views

MTN Group: POST BASED REFLECTED XSS IN dailydeals.mtn.co.za

Summary: Dear Team , I have found a post based reflected XSS in https://dailydeals.mtn.co.za/ . Steps To Reproduce: 1.Create a html file with following content . "document.forms0.submit 2.Open the HTML file in any web-browser. 3.Cross site Scripting will be triggered . Impact Attacker can exploit...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2022/01/13 6:1 a.m.27 views

MTN Group: Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure

Hello world, This vulnerability is too involved with regular users, in order for us to prevent any damage, we need 3 different user accounts we own. This gives us specific "userid" and "teamid" to work with. There's an Information Disclosure as a side effect of this vulnerability. User and team...

Exploits0
Hacker One
Hacker One
added 2021/12/22 8:15 p.m.26 views

MTN Group: Information disclosure through django debug mode

Summary: Your domain https://szezvzorilla.mtn.co.sz was disclosing information throught django debug mode enable. Steps To Reproduce: Visit https://szezvzorilla.mtn.co.sz/NONEXISTINGPATH/ You will the information of debugging Supporting Material/References: F1555934 attachment / reference Impact...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2021/12/14 6:23 p.m.13 views

MTN Group: path traversal vulnerability in Grafana 8.x allows " local file read "

Hi team, I've found a path traversal issue in the Grafana instances hosted on the MTN platforms. With the path traversal it's possible for an unauthenticated user to read arbitrary files on the server. This IP " 41.242.91.22 " Domain Name " mtn.com.gn " is for MTN Group F1545670 F1545682 Steps To...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2021/12/14 3:55 a.m.48 views

MTN Group: Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228

The vulnerability CVE-2021-44228, a remote code injection flaw in Log4j, was discovered on the website http://mtn1app.mtncameroon.net. The vulnerability was confirmed to be present on the ports 8080 and 8443 of the website. The issue was demonstrated by retrieving the hostname of the affected...

10CVSS9.7AI score0.99999EPSS
Exploits355
Hacker One
Hacker One
added 2021/11/10 7:3 p.m.18 views

MTN Group: Sensitive Information Disclosure Through Config File

Summary: An attacker could gain access to sensitive information about usernames, encrypted passwords, internal IP addresses and configuration data of internal services. Steps To Reproduce: - Go to https://zik.mtncameroon.net/common/queryconfig.action Remediation Configure the application to not...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2021/11/10 7:0 p.m.13 views

MTN Group: Default Admin Username and Password on remedysso.mtncameroon.net

Summary: A Remedy Single Sign-On Remedy SSO Server is running at https://remedysso.mtncameroon.net/rsso/admin//. It is possible to access the application is using the default Administrator credentials. Steps To Reproduce: Go to https://remedysso.mtncameroon.net/rsso/admin// and login with...

0.9AI score
Exploits0
Hacker One
Hacker One
added 2021/09/26 9:44 a.m.16 views

MTN Group: Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects

Summary: Hello I found Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects Steps To Reproduce: Visit https://adammanco.mtn.com/api/v4/projects Supporting Material/References: "id":5,"description":"","name":"test","namewithnamespace":"Jodrico Jansen Van Vuuren /...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2021/09/26 9:17 a.m.93 views

MTN Group: CVE-2021-38314 @ https://www.mtn.co.rw

Summary: Hello. I your domain https://www.mtn.co.rw was vulnerable to CVE-2021-38314 Description: The Gutenberg Template Library & Redux Framework plugin = 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in...

5CVSS0.28961EPSS
Exploits6
Rows per page
Query Builder