LFI to RCE via access_log injection

Five #Indonesian Bank that still #vulnerable to #Poodle attack


Here is some Indonesian Bank that still vulnerable to Poodle attack.
I'm using SSL/TLS Security Test by High-Tech Bridge and manual scan using nmap.

>> https://iperson.bankjatim.co.id

SSL/TLS Security Test


Script scan nmap



>> https://netbank.jtrustbank.co.id

SSL/TLS Security Test


Script scan nmap



>> https://cib.qnb.co.id

SSL/TLS Security Test


Script scan nmap



>> https://www.tunaiku.amarbank.co.id

SSL/TLS Security Test


Script scan nmap



>> https://www.nobuwwwbanking.com

SSL/TLS Security Test


Script scan nmap


Happy hunting guys!

Updated.
Some bank has been notified about this vulnerability.


./NoGe

Comments