Faudhzan
Rahman

Hi guys, I am really excited for my 1st ever CVE ID. So today, I will share the breakdown of the process for getting the CVE ID. Maybe there are other blogs or websites sharing this process, but I wanted to share my journey on getting it. I'm relatively new in this field so pardon for my little knowledge that I have. I'm doing this for my own experience and knowledge. Also for the love of anything related to security. Below are the steps I've taken for the process. 1) Find vulnerability on your target. You can check whether your target is on the list of participating CNA . If it is not under any CNA , you can request it at  MITRE Corporation . You can check the list of participating CNA here:  https://cve.mitre.org/cve/request_id.html 2) After that, you can request it via web form here:  https://cveform.mitre.org/ The process is quite simple. You simply fill in the form with required information and in 24 hours, they will respond to your email. 3) You wi

Hi All, Today I will share POC on vulnerability found during pentest. As per the title, I recently found SQL Injection vulnerability on a thick client.  To read more about thick client, click here :  https://techterms.com/definition/thickclient Thick clients, also called heavy clients, are full-featured computers that are connected to a network.  While a thick client is fully functional without a network connection, it is only a "client" when it is connected to a server. The server may provide the thick client with programs and files that are not stored on the local machine's hard drive.   Exploit Title:   Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. Details & Description :   SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL

Hi All, Welcome to my blog post. This is my first time venturing into blogging and I'm pretty excited to write things that I learn and my experience getting into Information Security Field. My intent is also in using this platform as my "diary" throughout my career in this field. Currently working as Security Consultant and aspiring to be a Specialist in Information Security. I'm learning to be a good bounty hunter but mind me, I'm still a newbie in this field. Really love to learn new things everyday and hungry for more knowledge. I will also post things related to security issue and challenges faced when doing penetration testing. Do hit me up if any of you have something to share with me. I hope this blog will be of some use to some of you that are trying to get into Information Security Field. Thank you.