We’ve been contacted by HD_Breaker, a pen-tester and co-manager of Underc0de.org, with information on a security flaw in Kim Dotcom’s newly launched site, Mega.co.nz.
HD_Breacker also provided a point of concept (POC) for this bug.
To carry out this exploit, you need to go to the registration page of Mega’s site, put in false info, and click register.
Then, you will be on a page that states registration successful and you will see a button in the top right corner stating “Abort Session”. Now, press the back button on your web browser and you should be in a cloud drive.
With this bug you can also generate your own encrypted links, and have all the abilities without an account.
