Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
here's some of my ideas
rick roll them
have a script just changing the css/dom randomly
megalovania
just an alert box
you are an idiot site https://piv.pivpiv.dk/ -
@terraria99 You are idiot site - I love that old site idea but I think it's not civil enough... Random alert's are boring and not as amusing.
DOM... hmm... changing color of page so it goes rainbow colourfull (like changes colours and shines).... sounds freaking cool O,,,O -
@exceptionalGuy I would <3 to do it but Im backend guy, im clueless about more advanced css stuff... For quick prototyping i lt can maybe work, for such idepth stuff.. Meh.. But I can allways do <style> with their display:flex'es changed into !important display:block's... So many possibilities...
-
@terraria99
I settled on gif shown in #1 and "warning, tactical nuke incoming <siren>" (extracted from some game) sound in background.
It was glorious. Especially that their boss hopped on the call. We also shown them all the bullshit like... if I add enough items to the cart it overflows integer that's price and I buy for negative ammount of cash which:
- grants my account items
- incerases my account balance
Best part was when we were talking to them during their demo
- "okay, can you try to buy 90000 of this product?"
- "yeah, sure... I dont know why, it's pointless but okay... wait.. whaaa.. <silence for good 2 minutes>"
- "okay, let's check out admin panel"
- "sure, so if you go to admin panel, as I will show you no.. what? WARNING TACTICAL NUKE INCOMING"
- "yeah, we are trying to tell you for few months that it's broken"
The effect was ohhh... beautyfull and extremly satisfying (maybe becouse their superior was on call for some reason)
They fixed around 60% of blockers now
when your code is a mess but everything work out in the end
When you keep getting +1s on a rant you posted a month ago.
So we ordered a piece of software from external software house becouse I was low on time and we needed it asap.
So. Long story short, their software was bugged as hell, they deny all the bugs and they have their BDD that they done and anything we say about it like "feature XYZ is broken on firefox" they will deny it "becouse it wasn't on BDD" or "let's get on call" (in which +- 6-7 people participate from their side and we of course have to pay them for this...)
So they fixed like 20% of bugs (mostly trivials/minors) Application is fairly small scope. You have integration with like 3 endpoints on arbitary API, user registration/login, few things to do in database (mainly math running from cron).
They done it in ASP so I don't know the language and enviroment so can't just fix it myself.
2 days ago (monday) they annoyed me to point where I just started to break things. For starters I found that every numeric input is vunrable to integer overflow (which is blocker). I figured most of fields are purefect opportunity to XSS (but I didn't bother to do JS... anything but not JS...). I figured I can embed into my name/surname/phone (none validated) anything in HTML...
So for now we have around 25 bugs, around 15 of them are blockers.
They figured it's somehow our fault that it's bugged and decided to do demo with us to show off how perfectly it works. I'm happy to break their demos. I figured I will register bunch users that have name - image with fixed/absolute position top:0;left:0 width/height 100% - this will effectively brick admin panel
Also I figured I can do some addotional sounds in background becouse why not. And I just dont know what to put in. It links to my server for now so I can freely change content of bricked admin panel.
I have curl's ready to execute in case they reset database.
I can put in GIFs or heck, even videos, dosen't really matter. Framework escapes some things for them so at least that. But audio/image/video works.
Now I have 2 questions:
- what image + audio combo will work the best (of course we need to keep it civil). Im thinking finding some meme with bugs or maybe nuclear logo image with some siren sound
- am I evil person?
Edit:
I havent stated this clearly:
"There is no BDD that describes that if user inserts malicious input server should deny it" - that's almost literally what we get from them....
rant
lazy
idiots
greed
question
software house