Gelvora data breach and your personal data

Working as part of Digital Security Alliance, we came across a vulnerability affecting infodebt.lv, a system owned by Gelvora SIA. This system potentially contains financial data about most of the citizens of Latvia. Based on the domain registration information in WHOIS records, the system has been active since 2013. The vulnerability allowed unauthorized access to the database, through which all of the database records can be retrieved. From the information available on Gelvora.lv about infodebt.lv: “The advantages of the database: it is one of the largest debt history databases in Latvia;”. Based on this it’s safe to assume that the database contains information for


“Freelancer Office” by gitbench privilege escalation vulnerability

Working together with Digital Security Alliance, while fulfilling a request to do penetration testing on a client's infrastructure, we found a privilege escalation vulnerability in “Freelancer Office” by gitbench. The exploit affects all versions above 1.7 (including the current release) and can be done in less than 2 minutes, with a browser as the only required tool. A simple Google Dork based on the script's copyright allowed us to find hundreds of vulnerable targets within seconds. All of the targets confirmed that the issue indeed isn’t a false positive. Informing both the author gitbench (via wm@gitbench.com – William Mandai) and distributor Envato, CodeCanyon (via their support channel) is without
