Learn More
Resend Email
26
AshesOfTheSun
3y

An adult cam website I worked on as freelancer had/has this code everywhere:
$user = $_POST['usr'];
$pass = $_POST['pwd'];
$row = $db->query ("SELECT * FROM users where username='".$user."' AND password='".$pass."' COUNT 1);

I was hired to add new features and was touch any other parts of the code. When my job was done, I tried to fix those as a good samaritan but the client thought I was messing with the system or should be thing of new features to add. So I got fired.

5 years later, I check out of curiosity and they are still there. I ask him again if I can work on them for a little less pay(I'm broke) and he doesn't reply. What a douche. I hope his site receives a shot of SQLi from a customer.

question
Favorite
Ranter
Comments
  • 6
    3y
    Not even using a framework smh. Why not tell them they have vulnerabilities instead of touching them without asking?
  • 4
    3y
    Now you can't attack them by SQL injection or they will accuse you of breaking it, send a written explanation to any technical person in the company.
  • 4
    3y
    Weren't you able to explain what you were trying to fix at the time?
  • 7
    3y
    Id almost tell you to exploit this yourself
  • 9
    3y
    Plain text passwords and unparameterized SQL queries?

    Hackers:
  • 0
    3y
    @alexbrooklyn the guy was offline most of the time. I thought I would impress him and get a semi-permanent job.
  • 1
    3y
    @theabbie Of course I'll never do that and sincerely hope nobody does. Everything will point back at me especially since I wrote to him about it.
  • 1
    3y
    @electrineer I did. But, he told me he doesn't care. All he cares if his "models" can sign up with a single password! The main problem was the server had too much traffic during weekends and 7 cron jobs were running constantly that fetch information from another website.
  • 0
    3y
    @Tonnoman0909 No way, and I would tell you even if you know, that, never fuck with your previous employers webshit. You will be found out. A lost opportunity is always preferred over being Bubbas new toy in prison.
  • 0
    3y
    @molaram Don't want to go to jail over a lost opportunity.

    Your second point is a fact. He words were exactly " I don't give a fuck about that" when i explained everything 30 minutes before losing the gig.
  • 0
    3y
    @molaram destruction of property.
  • 1
    3y
    Listen man, you have to create your own opportunities, send an email asking to fix it for a good amount of money.

    Then break it, then wait for the email confirmation, collect money.
  • 1
    3y
    @molaram only if you think it is
  • 1
    3y
    @mundo03 @molaram When all doors are closed for you, one door always remains open. The devil's door. A certain party may or may not use a certain set of skills on a certain someone in the near future.
  • 1
    3y
    @AshesOfTheSun I would mostly say to do it in a way that makes them realise how bad it is. But if they're that ignorant, they likely will just end up confronting you in court and change nothing about the infrastructure sooo probably best to leave it alone
  • 1
    3y
    @Tonnoman0909 Yea, just asked him and his reply was "I didn't notice any issues". Just gonna leave this alone.
  • 3
    3y
    I second the demand for the link of the website! I want to watch porn but couldn't find any on the webs, thx.
  • 1
    3y
    @molaram @scum-master I am morally and ethically opposed to sharing other people's private data for free. If you catch my drift ;-)
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment