Search - "mysejahtera"
So the Malaysian app named MySejahtera (fyi, MySejahtera is a covid tracking app) has been compromised! hahahha someone ran a while loop GET request (yes they use GET requests for sending OTPs, wtf) in a script to send OTPs to random users found in the database, hahahahaha
https://astroawani.com/berita-malay...
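A defender-side sketch of what an OTP-request endpoint has to do to survive exactly the kind of scripted loop the rant describes, added here as an example and not MySejahtera's code (its backend is not on the page). The class, its limits, and the phone numbers are all constructed for this example; the framework glue that maps an HTTP route onto `request_otp` is left out.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque


class OtpService:
    """Issues and verifies one-time codes with per-number throttling.

    All limits below are assumptions chosen for this example.
    """

    def __init__(self, registered_numbers, window=600, max_per_window=3,
                 cooldown=60, ttl=300, max_attempts=5):
        self.registered = set(registered_numbers)
        self.window = window                 # sliding window length in seconds
        self.max_per_window = max_per_window # sends allowed per window per number
        self.cooldown = cooldown             # minimum gap between two sends
        self.ttl = ttl                       # code lifetime in seconds
        self.max_attempts = max_attempts     # wrong guesses before the code dies
        self._history = defaultdict(deque)   # phone -> timestamps of sends
        self._issued = {}                    # phone -> [code_hash, expiry, attempts]
        self.outbox = []                     # stands in for the SMS gateway

    def request_otp(self, method, phone, now):
        """Handle one OTP request; returns (http_status, message)."""
        # A state-changing action must not live on GET: a GET fires from a
        # plain link, an <img> tag or a one-line loop, and ends up in URL logs.
        if method != "POST":
            return 405, "method not allowed"

        sent = self._history[phone]
        while sent and now - sent[0] >= self.window:   # drop stale entries
            sent.popleft()
        if sent and now - sent[-1] < self.cooldown:
            return 429, "please wait before requesting another code"
        if len(sent) >= self.max_per_window:
            return 429, "too many codes requested; try again later"
        sent.append(now)

        # Identical response whether or not the number exists, so the
        # endpoint cannot be used to enumerate registered users.
        if phone in self.registered:
            code = f"{secrets.randbelow(10**6):06d}"
            self._issued[phone] = [self._hash(code), now + self.ttl, 0]
            self.outbox.append((phone, code))   # hand off to the SMS gateway
        return 202, "if this number is registered, a code has been sent"

    def verify_otp(self, phone, code, now):
        """Check a submitted code; single use, time-limited, attempt-limited."""
        entry = self._issued.get(phone)
        if entry is None:
            return False
        code_hash, expiry, attempts = entry
        if now >= expiry or attempts >= self.max_attempts:
            del self._issued[phone]
            return False
        entry[2] += 1
        if hmac.compare_digest(code_hash, self._hash(code)):
            del self._issued[phone]     # a code is consumed on first success
            return True
        return False

    @staticmethod
    def _hash(code):
        return hashlib.sha256(code.encode()).hexdigest()


def simulate_burst(service, method, phone, count, start=1000.0):
    """Replay `count` back-to-back requests (constructed input); return the status codes."""
    return [service.request_otp(method, phone, start)[0] for _ in range(count)]


if __name__ == "__main__":
    svc = OtpService(["60120000001"])            # constructed sample number
    print(simulate_burst(svc, "GET", "60120000001", 5))   # every GET is refused
    print(simulate_burst(svc, "POST", "60120000001", 5))  # one send, then 429s
    print(len(svc.outbox), "message(s) actually sent")
```

The three separate controls matter individually: refusing GET stops the trivial link-or-loop trigger, the cooldown plus sliding window caps how many SMS one number can be made to receive, and the uniform 202 keeps the endpoint from doubling as a user-enumeration oracle. Hash-at-rest and `compare_digest` on the verify side are cheap and close the obvious follow-ups.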
MySejahtera is not a good application at all! They just use SQLite or SharedPreferences in the app for keeping the data local. (Just local?) As soon as you clear cache or data, the user no longer exists! Like wtf?
So I decompiled the app and reviewed the source code; the code is not even properly obfuscated (that's why I can read it). There's a part of the code where a for loop went
```java
for (int i = 3; i < array.length(); i++)
{
    for (int j = 2; i > array.length() * 2; j++)
    {
        onScan();
    }
}
```
Which is unacceptable!
First, why nested for loops?
Second, instead of calling 'array.length()' multiple times, why not declare it globally once?
No wonder the initial state of the app is buggy as hell.