Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@2erXre5 Network wise we have a solid team, so none of this stuff is externally accessible without jumping through many hoops. And decode the string :)
-
-
@2erXre5 oh fuck i meant to say email not ip.. fuck my brain. not even simple tasks like that..
-
@delegate212 in a few months you're gonna regret posting this :v
-
@inaba Why?
Frontend-developer's day is like:
*moving element by 0.0001px to right*:
- *10 new pages appeared*
- *tex...
Manager: Hey, how are things with everything thats been going on? Hows the mood?
Me:
Right now
We have a portal which uses Windows Integrated auth that lists out all off our internal sites.
Navigating to any of these produces a URL like the one in the attached image.
Turns out all our internal application use a base64 encoded email address in the query string as the means of authentication.
So, anyone can authenticate themselves as another employee within the company by simply changing the query param value to said employees email address.
Fucking nuts.
rant
done
right
auth