Buat akun baru di situs OSS. Lah, passwordnya ✨bocor✨ via email.
alterine (@alterine)
Published on tales from the roothouse #investigasi #kebocoran-data
OSS (oss.go.id) atau yang dikenal sebagai Online Single Submission adalah sistem pendaftaran dan manajemen perijinan usaha yang dikelola oleh Kementerian Investasi / BKPM Republik Indonesia.
Artinya, kalau mau bikin UMKM baru secara sah/legal, daftarnya langsung dari OSS kan?
Oke, kita bikin akun baru, konfirmasinya pakai email aja deh. Pas pendaftaran sudah selesai, gw malah dikirimin tipikal email yang pasti bakal gw buang dari sejarah per-emailan kita:
Ada yang salah di sini? Perasaan, tadi passwordnya gw masukkin seperti ini:
Password: ••••••••••••••••••••••••••••
Dan yang paling parah password yang harusnya secret ini juga terekspos secara plaintext. Artinya, setiap server email (baik servernya OSS dan juga server email kalian) dapat menyimpan password dan hak akses OSS secara sekejap!
Kok bisa? Coba cari kata $$W0Y$$p455w0rdny4$$B@C@R!!! atau bahkan Password dari payload asli email yang satu ini (beberapa headers disembunyikan):
Content-Type: text/html; charset=us-ascii
From: Online Single Submission <[email protected]>
Subject: Registrasi Hak Akses Sistem OSS
To: [email protected]
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Reply-To: [email protected]
Content-Length: 15205
<!DOCTYPE html>
<html>
<head>
<meta name=3D"viewport" content=3D"width=3Ddevice-width">
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8=
">
<title>OSS - Kementerian Investasi/BKPM</title>
<style>
@media only screen and (max-width: 620px) {
table[class=3D"body"] h1 {
font-size: 28px !important;
margin-bottom: 10px !important;
}
table[class=3D"body"] p,
table[class=3D"body"] ul,
table[class=3D"body"] ol,
table[class=3D"body"] td,
table[class=3D"body"] span,
table[class=3D"body"] a {
font-size: 16px !important;
}
table[class=3D"body"] .wrapper,
table[class=3D"body"] .article {
padding: 15px !important;
}
table[class=3D"body"] .content {
padding: 0 !important;
}
table[class=3D"body"] .container {
padding: 0 !important;
width: 100% !important;
}
table[class=3D"body"] .main {
border-left-width: 0 !important;
border-radius: 14px 14px 0 0 !important;
border-right-width: 0 !important;
}
table[class=3D"body"] .btn table {
width: 100% !important;
}
table[class=3D"body"] .btn a {
width: 100% !important;
}
table[class=3D"body"] .img-responsive {
height: auto !important;
max-width: 100% !important;
width: auto !important;
}
}
@media all {
.ExternalClass {
width: 100%;
}
.ExternalClass,
.ExternalClass p,
.ExternalClass span,
.ExternalClass font,
.ExternalClass td,
.ExternalClass div {
line-height: 100%;
}
.apple-link a {
color: inherit !important;
font-family: inherit !important;
font-size: inherit !important;
font-weight: inherit !important;
line-height: inherit !important;
text-decoration: none !important;
}
#MessageViewBody a {
color: inherit;
text-decoration: none;
font-size: inherit;
font-family: inherit;
font-weight: inherit;
line-height: inherit;
}
.btn-primary table td:hover {
background-color: #034ea9 !important;
}
.btn-primary a:hover {
background-color: #034ea9 !important;
border-color: #034ea9 !important;
}
}
</style>
</head>
<body class=3D"" style=3D"background-color: #fafafa; font-family: system-=
ui, -apple-system, 'Segoe UI', Roboto, Helvetica,
Arial, sans-serif; -webkit-font-smoothing: antialiased; font-size=
: 14px; line-height: 1.6; margin: 0; padding: 0; -ms-text-size-adjust: 100%=
; -webkit-text-size-adjust: 100%; border-bottom: 24px solid #9b1f15;">
<span class=3D"preheader" style=3D"color: transparent; display: none; h=
eight: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden; mso-hi=
de: all; visibility: hidden; width: 0;">Terima kasih <b><span style=3D"colo=
r: #034ea9">ALTERINE</span></b> telah
melakukan aktivasi.</span>
<table role=3D"presentation" border=3D"0" cellpadding=3D"0" cellspacing=
=3D"0" class=3D"body" style=3D"border-collapse: separate; mso-table-lspace:=
0pt; mso-table-rspace: 0pt; background-color: #fafafa; width: 100%;" width=
=3D"100%" bgcolor=3D"#fafafa">
<tr>
<td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;" valign=3D"top"> </td>
<td class=3D"container" style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; display: block; max-width: 650px; padding: 20p=
x; margin: 0 auto;" valign=3D"top">
<div class=3D"content" style=3D"box-sizing: border-box; display: =
block; margin: 0 auto; max-width: 650px; padding: 20px;">
<!-- START HEADER -->
<div class=3D"header">
<table role=3D"presentation" border=3D"0" cellpadding=3D"0" c=
ellspacing=3D"0" style=3D"border-collapse: separate; mso-table-lspace: 0pt;=
mso-table-rspace: 0pt; width: 100%;" width=3D"100%">
<tr>
<td class=3D"content-block" style=3D"font-family: sans-se=
rif; font-size: 14px; vertical-align: top; padding-bottom: 10px; padding-to=
p: 10px;" valign=3D"top">
<img src=3D"https://oss.go.id/email-assets/logo_oss_new=
.png" alt=3D"OSS" height=3D"55" border=3D"0" style=3D"-ms-interpolation-mod=
e: bicubic; max-width: 100%; border: 0; outline: none; text-decoration: non=
e; display: block; margin-bottom: 20px;">
</td>
</tr>
</table>
</div>
<!-- END HEADER -->
<!-- START CENTERED WHITE CONTAINER -->
<table role=3D"presentation" class=3D"main" style=3D"border-col=
lapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; background: =
#ffffff; border-radius: 24px; width: 100%; box-shadow: 0px 0px 22px rgba(0,=
0, 0, 0.1); border: 1px solid #EEEEEE;" width=3D"100%">
<!-- START MAIN CONTENT AREA -->
<tr>
<td class=3D"wrapper" style=3D"font-family: sans-serif; fon=
t-size: 14px; vertical-align: top; box-sizing: border-box; padding: 35px;" =
valign=3D"top">
<table role=3D"presentation" border=3D"0" cellpadding=3D"=
0" cellspacing=3D"0" style=3D"border-collapse: separate; mso-table-lspace: =
0pt; mso-table-rspace: 0pt; width: 100%;" width=3D"100%">
<tr>
<td style=3D"font-family: sans-serif; font-size: 14px=
; vertical-align: top;" valign=3D"top">
<table cellspacing=3D"5px" cellpadding=3D"0" style=
=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt=
; width: 100%;" width=3D"100%">
<tr>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top;" valign=3D"top">
Terima kasih<b><span style=3D"color: #034ea9"=
> ALTERINE </span></b>telah melakukan aktivasi.
</td>
</tr>
</table>
<table role=3D"presentation" border=3D"0" cellspaci=
ng=3D"5px" cellpadding=3D"0" style=3D"border-collapse: separate; mso-table-=
lspace: 0pt; mso-table-rspace: 0pt; width: 100%; margin-top: 16px; margin-b=
ottom: 16px;" width=3D"100%">
<tr>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; background-color: #f7f7f7; padding: 12px 30px;=
border-radius: 24px 0 0 24px;" bgcolor=3D"#f7f7f7" valign=3D"top">
Username
</td>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; background-color: #f7f7f7; padding: 12px 30px;=
border-radius: 0 22px 22px 0;" bgcolor=3D"#f7f7f7" valign=3D"top">
<b>alterine01013102022y</b>
</td>
</tr>
<tr>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; background-color: #f7f7f7; padding: 12px 30px;=
border-radius: 24px 0 0 24px;" bgcolor=3D"#f7f7f7" valign=3D"top">
Password
</td>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; background-color: #f7f7f7; padding: 12px 30px;=
border-radius: 0 22px 22px 0;" bgcolor=3D"#f7f7f7" valign=3D"top">
<b>$$W0Y$$p455w0rdny4$$B@C@R!!!</b>
</td>
</tr>
</table>
<table cellspacing=3D"5px" cellpadding=3D"0" style=
=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt=
; width: 100%;" width=3D"100%">
<tr>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top;" valign=3D"top">
Silakan login pada sistem
<a href=3D"https://ui-login.oss.go.id/login/"=
target=3D"_blank" style=3D"color: #034ea9; text-decoration: none;">Online =
Single Submission (OSS)</a>
dengan menggunakan username dan password di a=
tas.
Untuk mengetahui tata cara pengajuan Perizina=
n
Berusaha, klik
<a href=3D"http://oss.go.id/" style=3D"text-d=
ecoration: underline; color: #034ea9;">tautan ini</a>.
</td>
</tr>
</table>
<table style=3D"border-collapse: separate; mso-tabl=
e-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; margin-top: 14px;" width=
=3D"100%">
<tr>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top;" valign=3D"top">
Jika anda tidak melanjutkan proses pengajuan
Perizinan Berusaha dalam jangka waktu 30 (tig=
a
puluh) hari, maka sistem akan membatalkan hak
akses Anda secara otomatis.
</td>
</tr>
<tr>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top;" valign=3D"top">
<br><b>Salam,</b><br>Lembaga OSS - Kementeria=
n
Investasi/BKPM
</td>
</tr>
<tr>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top;" valign=3D"top"><hr style=3D"border: 0; border=
-bottom: 1px solid #e6e7e8; margin: 24px 0;"></td>
</tr>
</table>
<table style=3D"border-collapse: separate; mso-tabl=
e-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;" width=3D"100%">
<tr>
<td width=3D"50" style=3D"font-family: sans-ser=
if; font-size: 14px; vertical-align: top;" valign=3D"top">
<img src=3D"https://oss.go.id/email-assets/ic=
on_whatsapp.png" alt=3D"OSS" width=3D"36" height=3D"36" border=3D"0" style=
=3D"-ms-interpolation-mode: bicubic; max-width: 100%; border: 0; outline: n=
one; text-decoration: none; display: inline-block; vertical-align: middle; =
margin: 4px 0;">
</td>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: middle;" valign=3D"middle">+628116774642</td>
</tr>
<tr>
<td width=3D"50" style=3D"font-family: sans-ser=
if; font-size: 14px; vertical-align: top;" valign=3D"top">
<img src=3D"https://oss.go.id/email-assets/ic=
on_message.png" alt=3D"OSS" width=3D"36" height=3D"36" border=3D"0" style=
=3D"-ms-interpolation-mode: bicubic; max-width: 100%; border: 0; outline: n=
one; text-decoration: none; display: inline-block; vertical-align: middle; =
margin: 4px 0;">
</td>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: middle;" valign=3D"middle">
[email protected]
</td>
</tr>
<tr>
<td width=3D"50" style=3D"font-family: sans-ser=
if; font-size: 14px; vertical-align: top;" valign=3D"top">
<img src=3D"https://oss.go.id/email-assets/ic=
on_location.png" alt=3D"OSS" width=3D"36" height=3D"36" border=3D"0" style=
=3D"-ms-interpolation-mode: bicubic; max-width: 100%; border: 0; outline: n=
one; text-decoration: none; display: inline-block; vertical-align: middle; =
margin: 4px 0;">
</td>
<td style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: middle;" valign=3D"middle">
Jalan Jenderal Gatot Subroto No. 44<br>
Jakarta 12190<br>
Indonesia
</td>
</tr>
</table>
<table style=3D"border-collapse: separate; mso-tabl=
e-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; margin-top: 24px;" width=
=3D"100%">
<tr>
<td align=3D"center" style=3D"font-family: sans=
-serif; font-size: 14px; vertical-align: top;" valign=3D"top">
<a href=3D"https://www.instagram.com/oss.go.i=
d/" target=3D"_blank" style=3D"color: #034ea9; text-decoration: none; margi=
n: 0 2px;">
<img src=3D"https://oss.go.id/email-assets/=
icon_instagram.png" alt=3D"OSS" width=3D"32" height=3D"32" border=3D"0" sty=
le=3D"-ms-interpolation-mode: bicubic; max-width: 100%; border: 0; outline:=
none; text-decoration: none; display: inline-block;">
</a>
<a href=3D"https://www.facebook.com/OSS-Indon=
esia-109055061289447" target=3D"_blank" style=3D"color: #034ea9; text-decor=
ation: none; margin: 0 2px;">
<img src=3D"https://oss.go.id/email-assets/=
icon_facebook.png" alt=3D"OSS" width=3D"32" height=3D"32" border=3D"0" styl=
e=3D"-ms-interpolation-mode: bicubic; max-width: 100%; border: 0; outline: =
none; text-decoration: none; display: inline-block;">
</a>
<a href=3D"https://twitter.com/OSS_id" target=
=3D"_blank" style=3D"color: #034ea9; text-decoration: none; margin: 0 2px;"=
>
<img src=3D"https://oss.go.id/email-assets/=
icon_twitter.png" alt=3D"OSS" width=3D"32" height=3D"32" border=3D"0" style=
=3D"-ms-interpolation-mode: bicubic; max-width: 100%; border: 0; outline: n=
one; text-decoration: none; display: inline-block;">
</a>
<a href=3D"https://www.youtube.com/channel/UC=
NNpwT4AJJGNbHytdB5iNgA" target=3D"_blank" style=3D"color: #034ea9; text-dec=
oration: none; margin: 0 2px;">
<img src=3D"https://oss.go.id/email-assets/=
icon_youtube.png" alt=3D"OSS" width=3D"32" height=3D"32" border=3D"0" style=
=3D"-ms-interpolation-mode: bicubic; max-width: 100%; border: 0; outline: n=
one; text-decoration: none; display: inline-block;">
</a>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<!-- END MAIN CONTENT AREA -->
</table>
<!-- END CENTERED WHITE CONTAINER -->
</div>
</td>
<td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;" valign=3D"top"> </td>
</tr>
</table>
</body>
</html>Kalau kamu adalah robot yang setia membaca email dan HTML, kalian bisa langsung mengekstrak password yang sama dengan:
- Cek apa pengirimnya dari alamat email OSS (regexin aja
/<noreply\[email protected]>/), - Parse HTML
- Cari
<table>yang ke-5, - Untuk masing-masing
<tr>ekstrak<td>yang ke-1
Dan kalau kamu adalah robot yang bekerja di balik Gmail, Yahoo! Mail, Outlook.com dan lainnya, selamat! Kamu mendapatkan 🎫 tiket emas untuk membocorkan data login jutaan UMKM dan perusahaan yang mendaftarkan diri di OSS🤘
Meanwhile...
Pertama-tama, Reinhart akhirnya punya NPWP 3 minggu sebelum si Ghozali punya juga. Good, biar akun @reinhart1010 ga disemprit sama akun @DitjenPajakRI di Twitter.
Lalu, kita memang lagi diskusi untuk bikin perusahaan baru. Mungkin namanya PT. Satu Orang Saja, bisa juga yang lain. Tujuan awalnya sih biar kita bisa gabungin produk/website seperti BINUS Today ke sistem pembayaran (payment gateway) seperti Midtrans. Tapi, setelah dipikir-pikir, mantul juga ya kalau kita bisa bikin perusahaan yang 90% di-manage sama kita. Eh, maksudnya, para robot tercinta! 🦾
Update 31/1/2022
Data pribadi Indonesia bukan bocor, tapi open source.
