23

Gaming community of mine launched their slick new website with their new "ticket system" where people could put in tickets to get help by volunteers.

2 hours and an approval by one of the admins later I managed to inject forged HTTP requests into literally every form on that site. Modify permissions, delete users, edit tickets, put invalid values into every attribute of them... In other words break everything.
Turns out the whole thing was coded as a first time project by a person who has no clue about web development and no one is in charge of anything really. There are no requirements, no beta testing, no version control or backups, but at least they had a hard deadline. 🤣

Still not sure if I wanna fix their shit and do it properly or just enjoy seeing it crash and burn.

Comments
  • 4
    Sounds like the typical gaming community.

    I can recommend letting them crash and burn.

    But the question is, what is the better lesson for them?

    I don't think you doing the work will teach 'em anything.
    Crashing teaches how to deal with failure and such stuff and might also awaken the urge to become better and adopt stuff like version control etc.

    At least in my case, I learned pretty much everything through failure.
  • 0
    Report it to the police.
    They will get in contact with the hosting platform if any.
    If there is no host platform, they are most probably doing it from their own devices and the police will get them through their IP address. BUT...
    "What if they use an elite proxy or VPN" you may ask. Same thing here. They contact the proxy or VPN provider and control the traffic until they find the victim's real IP.

    Since you're in complete control of the website...
    Why won't you just write a short PHP script that displays the server's IP, etc. Make a backdoor. Work yourself into the network this way.

    Attention:
    This is illegal! But it's still up to you ;)
  • 0
    Did you check the hoster with a whois service?
  • 1
    I ficking love this type of topic. They are rare on dR.
    Btw. Welcome to dR.
  • 0
    @-ANGRY-CLIENT- I don't think that reporting them to the authorities is that great of an idea.

    I mean, what would be the end goal here?

    Ruin their project or even worse their future?
    Maybe even ruin yours?

    Who was it that broke into the system? Could that fall back onto you?

    I also don't think that ruining anything for them was OP's goal.

    Otherwise he probably wouldn't be a member of that community and thinking, or better, writing about him fixing it for them.

    @HawkCorrigan either way, good luck, much success, and welcome to devRant!