Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Not even using a framework smh. Why not tell them they have vulnerabilities instead of touching them without asking?
-
Now you can't attack them by SQL injection or they will accuse you of breaking it, send a written explanation to any technical person in the company.
-
@alexbrooklyn the guy was offline most of the time. I thought I would impress him and get a semi-permanent job.
-
@theabbie Of course I'll never do that and sincerely hope nobody does. Everything will point back at me especially since I wrote to him about it.
-
@electrineer I did. But, he told me he doesn't care. All he cares if his "models" can sign up with a single password! The main problem was the server had too much traffic during weekends and 7 cron jobs were running constantly that fetch information from another website.
-
@Tonnoman0909 No way, and I would tell you even if you know, that, never fuck with your previous employers webshit. You will be found out. A lost opportunity is always preferred over being Bubbas new toy in prison.
-
@molaram Don't want to go to jail over a lost opportunity.
Your second point is a fact. He words were exactly " I don't give a fuck about that" when i explained everything 30 minutes before losing the gig. -
mundo0349793yListen man, you have to create your own opportunities, send an email asking to fix it for a good amount of money.
Then break it, then wait for the email confirmation, collect money. -
@mundo03 @molaram When all doors are closed for you, one door always remains open. The devil's door. A certain party may or may not use a certain set of skills on a certain someone in the near future.
-
Tonnoman6263y@AshesOfTheSun I would mostly say to do it in a way that makes them realise how bad it is. But if they're that ignorant, they likely will just end up confronting you in court and change nothing about the infrastructure sooo probably best to leave it alone
-
@Tonnoman0909 Yea, just asked him and his reply was "I didn't notice any issues". Just gonna leave this alone.
-
I second the demand for the link of the website! I want to watch porn but couldn't find any on the webs, thx.
-
@molaram @scum-master I am morally and ethically opposed to sharing other people's private data for free. If you catch my drift ;-)
An adult cam website I worked on as freelancer had/has this code everywhere:
$user = $_POST['usr'];
$pass = $_POST['pwd'];
$row = $db->query ("SELECT * FROM users where username='".$user."' AND password='".$pass."' COUNT 1);
I was hired to add new features and was touch any other parts of the code. When my job was done, I tried to fix those as a good samaritan but the client thought I was messing with the system or should be thing of new features to add. So I got fired.
5 years later, I check out of curiosity and they are still there. I ask him again if I can work on them for a little less pay(I'm broke) and he doesn't reply. What a douche. I hope his site receives a shot of SQLi from a customer.
question