Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "login bypass"
Just found an admin portal online. There was a modal asking for password, but in background the portal was visible. ctrl + shift + i and then closed the modal.
Voila, the whole portal and actions are accessible. Seriously, who develops things like these?
I am pretty sure it's vulnerable to sqli and xss too.8
I detected a way to bypass login screen in client's website. I warned them. 48h later nothing changed...6
When I just started programming I aways added fake loading screens and hard-coded login screens to my c# applications because it looked cool..
But I also always added an invisible panel to the top right so whenever you click that it would bypass the login screen.
I had to do that because 1. I will forget that password after 2 seconds, 2. I got no time for that login screen.2
Why does Google FRP even exist?!
For everyone who doesn't know what FRP is: FRP (Factory Reset Protection) is a partition on an Android device that stores data about the last used Google account on the device. It "protects" the device to be used by a second person (or a thief) even AFTER a factory reset when executed via bootloader.
Last week I bought a HTC One A9 second-hand w/o any documents. I ensured it has been reset, so I took it home... I then wanted to set it up, as following message appeared on the screen: "This device has been reset. Please login using a Google account that has been synced with this device before."
I checked the IMEI for being blacklisted, but it wasn't. Unlocking the bootloader and erasing the frp partition is not an option, because on HTC devices you have to enable OEM unlocking in the settings first. Someone stated on a forum, that you can bypass the bootloader lock with a "RUU Image" (I'm not familiar with this so pls don't blame me for that statement). But since the phone has a branding from Vodafone Germany, I can't find a RUU Image that would flash the device without a CID mismatch...
Why the f*** does Google have to implement a feature that prevents to use the phone when bought from another person that you don't know?12