95 matches found
MTN Group: Exposure Of Admin Username & Password
Hello Team, Ther an exposure of your username and password on this subdomain https://engage2.mtnonline.com/nc/ Exposed Credentials uid: "mtnng", passwd: "bd31568138edbfc0552a1ecc6886ea5c", Steps To Reproduce: Visit https://engage2.mtnonline.com/nc/ Now, press CTRL+U to view the source code of thi...
MTN Group: IDOR [mtnmobad.mtnbusiness.com.ng]
Steps To Reproduce: 1. Go to https://mtnmobad.mtnbusiness.com.ng//dashboard/home with burp proxy 1. Intercept a POST request to /app/dashboardData and review its response you will see emails and ids 1. Go to https://mtnmobad.mtnbusiness.com.ng//userProfile 1. change name, mobile, address etc. and...
MTN Group: Firebase credentials leak
Summary: This report is regarding the fix of 1351329. The fix is not patched fully, comments are visible to anyone and an attacker can utilize this for further attacks. Steps To Reproduce: go to : view-source:https://mpulse.mtn.ng/ search for 'Initialize Firebase' as you can see the firebase...
MTN Group: Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server
A remote code execution vulnerability was discovered in Pentaho Business Analytics Server. By uploading a specially crafted Pentaho report file using default credentials, an attacker could achieve arbitrary code execution...
MTN Group: Reflected xss on videostore.mtnonline.com
Summary: Hi, I found reflected xss vuln on videostore.mtnonline.com Steps To Reproduce: 1. Open browser 2. Go to...
MTN Group: String length restriction byepass at https://callerfeel.mtnonline.com/profile/feedback.html
Summary: Hi, hope you are well : I found that the attacker can bye pass the lenght restriction of user name at the feedback form Steps To Reproduce: F1823237 Impact Attacker can make the receiver page to delay and can cause application level dos Mitigation: Restrict the lenght of the string in...
MTN Group: Information Disclosure Leads To User Data Leak
Information disclosure is when a web application fails to properly protect confidential information, which causes revealing sensitive information or data of the users or anything related to users to any third party. Summary: Am able to get any MTN users data such as FULL NAME, CUSTOMER TYPE AND...
MTN Group: Unprotected Direct Object Reference
Hello MTN Security Team, During my hunting, I discovered that there's an Insecure Direct Object Reference on https://nin.mtnonline.com Vulnerable Path: https://nin.mtnonline.com/nin/success?message=1 Steps To Reproduce: You may not even require to submit any NIN before accessing this unprotected...
MTN Group: Open redirection at https://smartreports.mtncameroon.net
Summary: Hello, I found open redirection on https://smartreports.mtncameroon.net Steps To Reproduce: 1. Go to https://smartreports.mtncameroon.net//example.com/..;/css 2. Redirection to example.com Impact Open redirection vulnerability can redirect users to malicious sites that harm users...
MTN Group: Download full backup [Mtn.co.rw]
Summary: I discovered few critical vulnerabilities here, one of them is exposed backup files via directory listing. Steps To Reproduce: go to https://mtn.co.rw/mtn.zip and download the file extract the file and open you will see the full backup of the website Similar report:...
MTN Group: cross site scripting reflected
The vulnerability was a cross-site scripting XSS flaw that allowed arbitrary JavaScript to be executed on the target website. The payload '-alert1-' was reflected in the website's output, demonstrating the presence of the vulnerability...
MTN Group: POST BASED REFLECTED XSS IN dailydeals.mtn.co.za
Summary: Dear Team , I have found a post based reflected XSS in https://dailydeals.mtn.co.za/ . Steps To Reproduce: 1.Create a html file with following content . "document.forms0.submit 2.Open the HTML file in any web-browser. 3.Cross site Scripting will be triggered . Impact Attacker can exploit...
MTN Group: Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure
Hello world, This vulnerability is too involved with regular users, in order for us to prevent any damage, we need 3 different user accounts we own. This gives us specific "userid" and "teamid" to work with. There's an Information Disclosure as a side effect of this vulnerability. User and team...
MTN Group: Information disclosure through django debug mode
Summary: Your domain https://szezvzorilla.mtn.co.sz was disclosing information throught django debug mode enable. Steps To Reproduce: Visit https://szezvzorilla.mtn.co.sz/NONEXISTINGPATH/ You will the information of debugging Supporting Material/References: F1555934 attachment / reference Impact...
MTN Group: path traversal vulnerability in Grafana 8.x allows " local file read "
Hi team, I've found a path traversal issue in the Grafana instances hosted on the MTN platforms. With the path traversal it's possible for an unauthenticated user to read arbitrary files on the server. This IP " 41.242.91.22 " Domain Name " mtn.com.gn " is for MTN Group F1545670 F1545682 Steps To...
MTN Group: Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228
The vulnerability CVE-2021-44228, a remote code injection flaw in Log4j, was discovered on the website http://mtn1app.mtncameroon.net. The vulnerability was confirmed to be present on the ports 8080 and 8443 of the website. The issue was demonstrated by retrieving the hostname of the affected...
MTN Group: Sensitive Information Disclosure Through Config File
Summary: An attacker could gain access to sensitive information about usernames, encrypted passwords, internal IP addresses and configuration data of internal services. Steps To Reproduce: - Go to https://zik.mtncameroon.net/common/queryconfig.action Remediation Configure the application to not...
MTN Group: Default Admin Username and Password on remedysso.mtncameroon.net
Summary: A Remedy Single Sign-On Remedy SSO Server is running at https://remedysso.mtncameroon.net/rsso/admin//. It is possible to access the application is using the default Administrator credentials. Steps To Reproduce: Go to https://remedysso.mtncameroon.net/rsso/admin// and login with...
MTN Group: Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects
Summary: Hello I found Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects Steps To Reproduce: Visit https://adammanco.mtn.com/api/v4/projects Supporting Material/References: "id":5,"description":"","name":"test","namewithnamespace":"Jodrico Jansen Van Vuuren /...
MTN Group: CVE-2021-38314 @ https://www.mtn.co.rw
Summary: Hello. I your domain https://www.mtn.co.rw was vulnerable to CVE-2021-38314 Description: The Gutenberg Template Library & Redux Framework plugin = 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in...