netikras

- Why did you enter a test data text value with this <script> HTML? Don't do that. Use normal text.

This is something I never expected to hear from a PHP/React dev... I'm truly disappointed. I really am.

On top of that, he refused to follow my recommendation to google "xss". Another teammate had to google it for him and drop a link.

Just when I was about to like working with this guy... :(
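For anyone landing here from that google search: this is what the `<script>` test value is for. The snippet below is an added example, not code from the original post or from netikras's project. It uses a hypothetical comment renderer in two versions, one that concatenates user input straight into HTML (the bug) and one that escapes it first, and runs a small constructed list of XSS probes through both to show which one leaks a raw tag into the page.

```javascript
// Added example (not from the original post): why "<script>" belongs in test data.
// A renderer that drops user-supplied text straight into HTML is XSS-able;
// escaping the five HTML-significant characters before interpolation closes it.

// Hypothetical vulnerable renderer: raw string concatenation.
function renderCommentUnsafe(text) {
  return `<div class="comment">${text}</div>`;
}

// Escape &, <, >, " and ' so input can never open or close a tag or attribute.
// This is what React does for JSX text children and what PHP's
// htmlspecialchars($s, ENT_QUOTES) does; here it is spelled out by hand.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: same markup, input escaped first.
function renderCommentSafe(text) {
  return `<div class="comment">${escapeHtml(text)}</div>`;
}

// Constructed test data: values to type into a form field on every new route.
// Each is an XSS probe, i.e. exactly the "not normal text" the teammate objected to.
const XSS_PROBES = [
  '<script>alert(1)</script>',           // the classic
  '"><img src=x onerror=alert(1)>',      // breaks out of an attribute, no <script> needed
  "<svg/onload=alert('x')>",             // inline event handler on an SVG tag
  '&lt;script&gt;',                      // already-escaped input must stay escaped, not become a tag
];

// Any raw HTML tag that survives into the interpolated region means the
// input was reflected unescaped. This is a crude string check, good enough
// to show the point; a real test would load the page in a browser.
const RAW_TAG_RE = /<\/?[a-z][^>]*>/i;

function isInjectable(renderer, probe) {
  const html = renderer(probe);
  // Strip the fixed wrapper so only the part derived from input is inspected.
  const inner = html.slice('<div class="comment">'.length, -'</div>'.length);
  return RAW_TAG_RE.test(inner);
}

// Returns the probes that the given renderer reflects as live markup.
function auditRenderer(renderer) {
  return XSS_PROBES.filter((p) => isInjectable(renderer, p));
}

// Usage: the unsafe renderer leaks three of the four probes, the safe one none.
console.log('unsafe renderer leaks:', auditRenderer(renderCommentUnsafe));
console.log('safe renderer leaks:', auditRenderer(renderCommentSafe));
```

The fourth probe matters as much as the first three: a renderer that "fixes" the problem by HTML-decoding input before display would turn `&lt;script&gt;` back into a tag, so the escaped form has to be part of the test set too.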

Comments
  • 5
    "Oh yeah sure, I'll do that next time! And you better goddamn pray that any malicious actor coming by will be 'nice' and not do this either, since it's not a nice thing to do, because those people have great ethics/morals!"

    Aaaaaaand this, my people, is how you get motherfucking compromised.
  • 0
    Did you test SQL injections as well?
  • 1
    As per @sbiewald
    I'm just going to leave this here.

    http://sqlmap.org/

    Anytime I put up a new route, I bash the shit out of it.
  • 1
    @sbiewald Prepared statements. No raw queries in the house.
  • 1
    @netikras At least this was done right.