Learn More
Resend Email
25
Dumbest security bug you've seen?
Week 234 Group Rant
Voxera
4y

If you discount all the usual sql injections the most blatant was not our but a system one customer switched to after complaining over cost.

The new system was a bit more bare bones featurewize but the real gem was the profile page for their customers.

The only security was an id param pointing to the users primary key, which was an auto incrementing integer :)

And not only could you access all customer data but you could change it to.

But since the new system was built by their it chief’s son we realized it was not much we could do.

rant

wk234
Favorite
Ranter
Comments
  • 7
    4y
    Share the site with us. I promise not to see any data, just modify it.

    You'll get a better IT Chief.
  • 4
    4y
    @sudo-compile sorry, it was about 16 years ago and after a few years and a new it boss they changed to another us based service that did not have this vulnerability.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment