>> ARCHIVE: 2020-10
https://www.survey.banphotphisai.go.th/yuki.htm notified by Senzawa
https://www.banphotphisai.go.th/yuki.htm notified by Senzawa
https://dptdds.dpt.go.th/yuki.htm notified by Senzawa
http://kaengkhro.go.th/yuki.htm notified by Senzawa
http://taxpak10.excise.go.th/yuki.htm notified by Senzawa
http://kingrama10.dol.go.th/sad.htm notified by Senzawa
A brief write-up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.
Car Rental Management System 1.0 – Arbitrary File Upload
Stock Management System 1.0 – ‘brandId and categoriesId’ SQL Injection
Ajenti 2.1.36 – Remote Code Execution (Authenticated)