506
adracea
7y

So... Today I found an SQLi (SQL injection, google if you're not aware) in one of our products, I start exploring it, I get my trusty Kali on me workstation. sqlmap etc. Tell my manager it's a true positive... I start exploring the db, half the devs at my manager's place start staring at his screen as I proper fuck a QA db server... I hear a QA guy mention triangulation as sqlmap dumps a uid table in his face. I hear my manager's manager saying 'this has been in our app for so long and we found it just now? Who found it?' *manager proudly saying me name* 'He's still working this late?' ...apparently now my trip to England is getting covered for both me and me gf by the company...

Comments
  • 81
    Oh man something like this is a dream for me! Congratz!
  • 60
    Well done! 😃
    Cool that you have such understanding bosses.
  • 20
    I agree with @linuxxx on this one - that is a *literal* dream. I dare not even hope to do something that ridiculously awesome. Good for you, man!
  • 46
    @linuxxx man it felt like someone was broadcasting me doing a live hack on BBC News :)) It was fun and frustrating at the same time... mid session I even screenlocked for 5 mins to get a coffee and some water, when I came back most everyone was still there... which is more than I can say about my game streaming career where my single and most trusted viewer is my phone :))
  • 10
    @linuxxx finding a true positive SQLi or being all 'now hacking live for the company....'? Because finding an SQLi in an app you already have in production and delivered is scary af no matter how epic the finding is :))
  • 3
    Whoa, well done. Not all the managers are the same. When I found that on our company website they said keep concentrate on your not on these, hunh
  • 7
    @adracea Seems like something Gilfoyle from Silicon Valley would do.
    (Your avatar) 😜
    Congratulations
  • 1
    Welcome to England 😎
  • 4
    @Faraaz now that you mention it, I strongly think of just playing the What The fuck Gilfoyle does video whenever a colleague asks me about what exactly I do as product security... even though it sounds a bit too rockstarish
  • 0
    @adracea haha that's great!
  • 2
    Good job hackerman!
  • 0
    @masterdoctor me too 😅
  • 1
    Did the same thing. Got interrogated and more work to do.
  • 8
    @develrant I've found a couple more things since I've posted this... in a few hours I have to share my findings with the whole security team and there's a new guy in another country who seems rather sceptical towards me... I might have to bitchslap some hakuna matata into him
  • 0
    @adracea "hakuna matata" 😂😂😂 Yay! For the discovery and Nay(????) for the sqli!
  • 0
    Well done! And nice boss
  • 0
    @adracea thumbs up, and well done....
  • 0
    @makhan ha ha ha ha, that is true about managers.

    I had advised my previous company about disclaimers, privacy policy and terms for an Android app. The manager told me, we will give that work to the marketing team because they are better writers than me... and that I shouldn't find excuses for not doing my job

    Too bad the app is threatened to be removed from the Play Store because it hasn't stated the use of some user data...