Leaderboard

Leaderboard Bug Hunter
JagoanSiber

Daftar peserta yang berhasil menemukan celah keamanan pada simulasi bug hunting JagoanSiber kelas Ethical Hacking for Beginner Batch 1

Pengen jadi Ethical Hacking seperti mereka?
Gabung kelas Ethcial Hacking for Beginner Batch 2.

Daftar Sekarang

Judul Laporan	Target Website	Kategori	Severity	Score
Privilege Escalation via Parameter Tampering on Registration Form	bertani.my.id	PE	High	50
Stored Cross-Site Scripting	bertani.my.id	XSS	High	50
Unrestricted Access to Administrative Interface	pegawai.my.id	BAC	Critical	100
Insecure Direct Object Reference (IDOR) on Tasks & Payrolls Endpoint	pegawai.my.id	IDOR	Medium	30
Information Disclosure via Publicly Accessible Environment File	pegawai.my.id	SFD	Low	10
Unrestricted Access to Administrative Interface Ringkasin.My.Id	ringkasin.my.id	BAC	Critical	100
Insecure Direct Object Reference (IDOR) on Update Data Profile	ringkasin.my.id	IDOR	High	50
Insecure Direct Object Reference (IDOR) on Manage Link Endpoint	ringkasin.my.id	IDOR	Medium	30
Privilege Escalation via Parameter Tampering on Registration Form	ringkasin.my.id	PE	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Unauthorized Database Access via Exposed Credentials	bertani.my.id	SFI	Critical	100
Debug Mode Disclosure with Full Stack Trace (Laravel)	bertani.my.id	DMD	Low	10
Critical Privilege Escalation via Unrestricted Role Assignment in /employee	pegawai.my.id	PE	High	50
Insecure Direct Object Reference (IDOR) -Unauthorized Task Editing	pegawai.my.id	IDOR	High	50
Exposed .env and db.php File Allowing Unauthorized Database Access via Sensitive File Enumeration	pegawai.my.id	SFD	Critical	100
Security Vulnerability Report: Insecure Direct Object Reference (IDOR) in User Management	ringkasin.my.id	IDOR	High	50
Unrestricted File Upload Leading to Sensitive Data Exposure and Database Compromise	ringkasin.my.id	RCE	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
Broken Access Control	bertani.my.id	BAC	High	50
Broken Access Control	bertani.my.id	BAC	High	50
Cross-Site Scripting (XSS)	bertani.my.id	XSS	High	50
Stored Cross-Site Scripting (XSS)	bertani.my.id	XSS	High	50
Sensitive File Disclosure	pegawai.my.id	SFD	Low	10
Broken Access Control	ringkasin.my.id	BAC	High	50
Sensitive Data Exposure dan Broken Access Control	ringkasin.my.id	SDE	High	50
Remote Code Execution (RCE) via File Upload	ringkasin.my.id	RCE	Critical	100
Stored Cross-Site Scripting (XSS)	ringkasin.my.id	XSS	Medium	30

Judul Laporan	Target Website	Kategori	Severity	Score
Melakukan pendaftaran dengan mengubah user role menjadi admin	bertani.my.id	BAC	High	50
SQL Error Exposure Due to Improper Input Validation	bertani.my.id	SQLi	Low	10
Terdapat XSS pada Diskusi Tani	bertani.my.id	XSS	High	50
Pemalsuan Lokasi Sisi Klien Memungkinkan Pendaftaran Kehadiran Tanpa Izin	pegawai.my.id	CSVB	Medium	30
Pengungkapan Kritis File Laravel .env Mengungkap Rahasia Aplikasi dan Kredensial Basis Data	pegawai.my.id	SFD	Low	10
Merubah role menjadi admin	ringkasin.my.id	BAC	High	50
RCE pada file upload avatar pada ringkasin.my.id	ringkasin.my.id	RCE	Critical	100
XSS VIA FILE UPLOAD	ringkasin.my.id	XSS	Medium	30

Judul Laporan	Target Website	Kategori	Severity	Score
Privilege Escalation	bertani.my.id	PE	High	50
Stored-Cross Site Scripting (XSS)	bertani.my.id	XSS	High	50
Insecure Direct Object References	pegawai.my.id	IDOR	Medium	30
Privilege Escalation	pegawai.my.id	PE	High	50
Insecure Direct Object References	ringkasin.my.id	IDOR	High	50
Privilege Escalation	ringkasin.my.id	PE	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Broken Access Control pada transactions & catalog	bertani.my.id	BAC	Medium	30
IDOR pada Edit User	bertani.my.id	IDOR	High	50
Broken Authentication/Business Logic Error pada register	bertani.my.id	BA	High	50
Stored XSS (Cross Site Scripting) pada bertani.my.id/forum	bertani.my.id	XSS	High	50
Upload file injection to RCE	ringkasin.my.id	RCE	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
Unauthenticated Privilege Escalation to Admin (via Role Parameter Manipulation)	bertani.my.id	PE	High	50
Broken Access Control (IDOR & Privilege Escalation)	ringkasin.my.id	BAC	High	50
Remote Code Execution via Unfiltered PHP Upload in Avatar Feature	ringkasin.my.id	RCE	Critical	100
Stored XSS via Malicious SVG Upload in Avatar	ringkasin.my.id	XSS	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Stored XSS (Cross Site Scripting)	bertani.my.id	XSS	High	50
Sensitive Data Exposure via Exposed Environment Variable File	pegawai.my.id	SDE	Low	10
IDOR (Insecure Direct Object Reference)	ringkasin.my.id	IDOR	High	50
Security Misconfiguration (Exposed Adminer.php / db.php)	ringkasin.my.id	SM	Low	10
Arbitrary File Upload with Impact to Remote Code Execution (RCE)	ringkasin.my.id	RCE	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
Insecure Direct Object References (IDOR) Vulnerability: Privilege Escalation to Admin via Registration and Settings Endpoints	bertani.my.id	IDOR	High	50
Information Disclosure via Laravel Ignition Health Check and Potential Sensitive Management Endpoints Exposure	bertani.my.id	ID	Low	10
Information Leakage through Public Access to Sensitive Files (.env, .DS_Store, .git) and manifest.json	pegawai.my.id	IL	High	50
Insecure Direct Object References (IDOR) Vulnerability: Privilege Escalation to Admin via Registration Form	ringkasin.my.id	IDOR	High	50
Persistent Cross-Site Scripting (XSS) via thread_content field at /forum page	ringkasin.my.id	XSS	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Privilege Escalation melalui Manipulasi Role pada Fitur Update Profil	bertani.my.id	PE	High	50
Stored XSS pada Fitur Diskusi Tani	bertani.my.id	XSS	High	50
Remote Code Execution Vulnerability	ringkasin.my.id	RCE	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
User public bisa mendaftar/registrasi sebagai admin	bertani.my.id	PE	High	50
Tidak ada restriksi tipe file yang boleh diunggah	bertani.my.id	FR	Low	10
User public bisa mendaftar/registrasi sebagai admin	ringkasin.my.id	PE	High	50
IDOR pada update profile	ringkasin.my.id	IDOR	High	50
Tidak ada restriksi tipe file yang boleh diunggah	ringkasin.my.id	FR	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
XSS Persisten pada Form Diskusi input Konten isi yang Mengizinkan Eksekusi Script Berbahaya	bertani.my.id	XSS	High	50
Pengungkapan Informasi Sensitif melalui File .env yang Terekspos	pegawai.my.id	ID	Low	10
Remote Code Execution (RCE) melalui Unggah File dengan Ekstensi Ganda (e.g., shell.php.jpg)	ringkasin.my.id	RCE	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
Insecure Direct Object Reference (IDOR)	bertani.my.id	IDOR	Medium	30
Privilege Escalation	bertani.my.id	PE	High	50
Cross-Site Scripting (XSS)	bertani.my.id	XSS	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Unauthorized Role Elevation (Petani - Admin)	bertani.my.id	PE	High	50
Cross Site Scripting (XSS) in Diskusi Module	bertani.my.id	XSS	High	50
Insecure Direct Object Reference (IDOR) in Payrolls Module	pegawai.my.id	IDOR	Medium	30

Judul Laporan	Target Website	Kategori	Severity	Score
Privilege Escalation via Parameter Tampering of 'role_name' during User Registration	bertani.my.id	PE	High	50
Source Code Information Disclosure via exposed git folder	pegawai.my.id	ID	Low	10
Privilege Escalation via Hidden Field Manipulation during User Registration	ringkasin.my.id	PE	High	50
Source Code Information Disclosure via exposed git folder	ringkasin.my.id	ID	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
IDOR Vulnerability on bertani.my.id	bertani.my.id	IDOR	High	50
IDOR Vulnerability on ringkasin.my.id	ringkasin.my.id	IDOR	High	50
Improper Input Validation on Telephone	ringkasin.my.id	IV	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
RCE via Malicious File Upload	ringkasin.my.id	RCE	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
Privilege Escalation - Register	bertani.my.id	PE	High	50
Privilege Escalation - Admin Path	bertani.my.id	PE	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Upload File Arbitrer Melalui Fitur Foto Profil Mengakibatkan Eksekusi Kode Jarak Jauh (Remote Code Execution)	ringkasin.my.id	RCE	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
Admin Role via Mass Assignment	ringkasin.my.id	PE	High	50
Chained Exploit Leading to Full Admin Access	ringkasin.my.id	PE	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Unrestricted Upload of File with Dangerous Type	ringkasin.my.id	FR	Critical	100

Judul Laporan	Target Website	Kategori	Severity	Score
Vertical Privilege Escalation Exploited via Burp Suite in Role Assignment Endpoint	bertani.my.id	PE	High	50
Stored XSS in Forum Comments on bertani.my.id	bertani.my.id	XSS	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
IDOR + Broken Access Control Leading to Privilege Escalation (User - Admin)	bertani.my.id	IDOR+PE	High	50
stored xss contained in the profile update page that is executed on the user data page	bertani.my.id	XSS	Medium	30

Judul Laporan	Target Website	Kategori	Severity	Score
Stored Cross-Site Scripting (XSS) melalui Kolom 'Pekerjaan' pada Fitur Update Profil Pengguna	bertani.my.id	XSS	High	50
Insecure Direct Object Reference (IDOR) pada Fitur Pemendek URL	ringkasin.my.id	IDOR	Medium	30

Judul Laporan	Target Website	Kategori	Severity	Score
Stored Cross-Site Scripting (XSS)	bertani.my.id	XSS	High	50
Sensitive Data Exposure pada pegawai.my.id	pegawai.my.id	SDE	Medium	30

Judul Laporan	Target Website	Kategori	Severity	Score
Critical SQL Injection & Stored XSS on bertani.my.id	bertani.my.id	SQLi+XSS	Medium	30
Critical Disclosure - Exposed .git & .env on pegawai.my.id	pegawai.my.id	ID	Low	10
Email Enumeration via Forgot Password	pegawai.my.id	ID	Low	10
Disclosure Of Internal Configuration Via Exposed Web.Config	ringkasin.my.id	ID	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
Pengungkapan Informasi Sensitif Melalui Pesan Error Laravel yang Terlalu Rinci	bertani.my.id	ID	Low	10
Stored XSS pada Fitur Forum di bertani.my.id	bertani.my.id	XSS	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
XSS to Session Hijacking via Insecure Cookies (Missing HttpOnly & Secure Flags)	bertani.my.id	XSS	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Stored Cross-Site Scripting (XSS) in Forum Module	bertani.my.id	XSS	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Privilege Encapsulation via register page	ringkasin.my.id	PE	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Laporan bug broken access control di web	ringkasin.my.id	BAC	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Broken Access Control	bertani.my.id	BAC	High	50

Judul Laporan	Target Website	Kategori	Severity	Score
Host Header Injection Leading to Open Redirect	bertani.my.id	HHI	Low	10
Host Header Injection Leading to Full Website Open Redirect on bertani.my.id	bertani.my.id	HHI	Low	10
Host Header Injection Causes Open Redirection of Website Login and Register Forms	ringkasin.my.id	HHI	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
Vulnerability Disclosure	ringkasin.my.id	VD	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
Adminer Terbuka untuk Publik di https://ringkasin.my.id	ringkasin.my.id	ID	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
Broken Access Control pada Halaman Transaksi - Akses Tanpa Autentikasi & Eksekusi Aksi Sensitif	bertani.my.id	BAC	Low	10

Judul Laporan	Target Website	Kategori	Severity	Score
SQL Injection	bertani.my.id	SQLi	Low	10