9 matches found
Razer: [api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥]
The tester discovered the api.easy2pay.co suffered from a SQL injection vulnerability, affecting Razer Gold Thailand. Razer thanks the tester for his report and diligence...
Razer: SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter.
The tester discovered a monitoring server in a Razer Gold environment was running legacy software with a SQL injection vulnerability. Razer thanks the tester for his diligence and helping keep Razer's customer data secure. A Razer Gold asset suffered from an SQL injection due to an outdated...
Razer: 🐞 OS Command Injection at https://sea-web.gold.razer.com/lab/ws-lookup via IP parameter
The tester discovered a Razer Gold Thailand site that suffered from a service with a command injection vulnerability. Razer thanks the tester for his report and clear PoC. a real world CTF-Like challenge 😅 Burpsuite Collaborator Client was very helpful Thanks @Razer for the bounty 🥳...
Razer: SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter
The tester determined the Razer Gold TH site suffered from a SQL injection issue. Razer thanks the tester for his due diligence and clear report...
Razer: DOM-based XSS on https://zest.co.th/zestlinepay/
The tester discovered a DOM based XSS on a Razer Gold Thailand associated website that could allow stealing of user session cookies. He provided excellent reproduction steps and a video PoC. Razer thanks the tester for his great report and helping us to keep our customers' information secure...
Razer: SQL Injection at https://sea-web.gold.razer.com/lab/cash-card-incomplete-translog-resend via period-hour Parameter
The tester discovered a SQL injection issue that allowed access to data via Razer Gold Thailand's sea-web server. Razer appreciates the clear and thorough report...
Razer: SQL injection at https://sea-web.gold.razer.com/demo-th/goto-e2p-web-api.php via Multiple Parameters
The tester discovered a SQL injection vulnerability that allowed the potential extraction of information from a Razer Gold database. Although this turned out to be an unused service, we thank the tester for his diligence...
Razer: Reflected XSS on https://www.easytopup.in.th/store/product/return on parameter mref_id
The tester discovered a reflected XSS on Razer Gold Thailand's easytopup.in.th page. We appreciate the excellent POC and code analysis...
Razer: Information disclosure at http://sea-s2s.molthailand.com/status.php
The tester discovered a Razer Gold TH server was transmitting sensitive information without proper encryption, leading to a potential MITM attack. Razer thanks the tester for his diligence and the clear report/PoC...