posts/taking-down-big-laundry/ #11
giscus[bot]
bot
Replies: 3 comments 2 replies
-
|
Hello! |
Beta Was this translation helpful? Give feedback.
-
|
It's a little hard for us to actually release guides on how to actually do it since it opens up for us to be liable for anything done to the systems - i.e. the company can say we're encouraging the act of hacking into their systems, which normally people on the internet don't care about, but given we're a university affiliated organization, its a path I'd rather not take |
Beta Was this translation helpful? Give feedback.
-
|
Looks like they've since updated it. Careful with using your own account to send the request. It seems like they block the account if they can detect that you're not doing it through the app. |
Beta Was this translation helpful? Give feedback.
-
|
I'd like to say I did this and found out the amount=0 meme on jan 18th 2024. Good job on finding the money loading method though. Did not expect that. Also did not know of swagger, I just found the endpoints from static analysis |
Beta Was this translation helpful? Give feedback.
-
|
also, yeah its quite disgusting how much small companies ignore this sort of stuff. :(. Big companies also do this too though so that doesn't really change. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
posts/taking-down-big-laundry/
This is a more technical continuation of the article we had with TechCrunch on the machines we found security flaws in. Not every day do you pwn the largest commercial network of laundry appliances in the United States! This article is purely educational and to inspire any future security researchers who want to investigate everyday products they use.
https://slugsec.ucsc.edu/posts/taking-down-big-laundry/
Beta Was this translation helpful? Give feedback.
All reactions