Disclaimer: in this video, I do not teach any way to do evil. I made this to help friends learn ethical hacking, and it is for educational purposes only. "Hacking without permission is illegal."
==================================================
Vulnerability:
- Origin IP disclosure
- Sensitive data exposure

Level: critical

Description:
- Origin IP disclosure: in short, the internal (backend) IP address hosted by the developer is revealed to the public, so external attackers can carry out advanced attacks such as SSRF, DDoS, and attacks that communicate directly with the server without any security protection such as a WAF or other types of firewalls.
- Sensitive data exposure: one of my findings is information about the backend on the subdomain. An attacker will use this information to enhance the attack. Information regarding the type of database, the user who manages it, the email backend, the debugger tool (in production conditions), etc. should not be disclosed to the public.
==================================================
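A defender-side check for both findings described above, added here as an example and not taken from the video: it scans a captured response from your own site for leaked IP addresses and for the backend details the description lists. The header name, keyword patterns, edge address and sample response are constructed assumptions.

```python
import ipaddress
import re

# Candidate IPv4 literals; ipaddress validates them afterwards.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Backend details the description lists; the patterns are assumptions.
DETAIL_PATTERNS = {
    "database type": re.compile(r"\b(?:mysql|postgres(?:ql)?|sqlite|mongodb)\b", re.I),
    "database user": re.compile(r"\bdb[_-]?user(?:name)?\b", re.I),
    "email backend": re.compile(r"\bemail[_-]?backend\b|\bsmtp[_-]?host\b", re.I),
    "debugger output": re.compile(r"\btraceback\b|\bdebug\s*[=:]\s*true\b", re.I),
}

# Constructed sample: a debug page served in production behind a WAF.
SAMPLE_EDGE_IPS = {"198.51.100.7"}
SAMPLE_HEADERS = {"Server": "nginx", "X-Backend-Server": "10.0.3.17"}
SAMPLE_BODY = (
    "Traceback (most recent call last):\n"
    "  DB_USER='appadmin' ENGINE='postgresql' EMAIL_BACKEND='smtp'\n"
    "  upstream=203.0.113.10 edge=198.51.100.7\n"
)


def audit_response(headers, body, edge_ips=()):
    """Return sorted (kind, value) findings for one captured HTTP response."""
    text = "\n".join(f"{k}: {v}" for k, v in headers.items()) + "\n" + body
    findings = set()
    for literal in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        if str(ip) in edge_ips:
            continue  # the public WAF/CDN address is expected to be visible
        internal = any(ip in net for net in INTERNAL_NETS)
        findings.add(("internal ip" if internal else "possible origin ip", str(ip)))
    for label, pattern in DETAIL_PATTERNS.items():
        hit = pattern.search(text)
        if hit:
            findings.add((label, hit.group(0)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, value in audit_response(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_EDGE_IPS):
        print(f"{kind}: {value}")
```

An empty result for every production hostname and subdomain is the goal; any finding means the response should be fixed at the application or proxy before release.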