Archive for December, 2018

Australia Post Group – Sensitive Information Leakage

in Python, Security, Web application security

I recently discovered a severe vulnerability present in a key system owned by StarTrack. What was particularly unusual about this vulnerability was that it didn’t require any sort of unusual payload to exploit – account data was being leaked within the normal processes of the system. Specifically, merely requesting a password reset