63

A ecom website which sales premium gold product from 50k to 170k INR.

database : mysql
all passwords and user ID's are saved in plain text.

Comments
  • 8
    They know the shit gold wise and that’s enough to sell it :D
  • 9
    😣there should be billion dollar fines for this bullshit.
  • 4
    We rather fuck around with cookies banners :D
  • 5
    I don't understand how this shit happens. Anyone who attended any kind of schooling for anything IT or programming related should know better than to do crap like that. Is it just a case of "it takes too long, do it the fast and easy way and just store it plain" from a manager? Even then.. 🤔
  • 1
    @Elyz company paid 5L INR for that project before 3 years
  • 4
    Link please? TIA
  • 0
    @netikras bro can't share link here
    Many expert's peoples are on thse platform who can easily exploit website.
  • 0
    Aren't 50k INR like 4-5 dollar?
  • 1
  • 4
    Domain please. (Asking for a friend)
  • 4
    @import-fun $700 for an ecom website 😂
    what could possibly be actually right about that?

    @PonySlaystation and I would like to do some err research 😏
  • 3
    @C0D4 bro i am talking about lowest price of product on that site is 700USD and highest price of product is 24000USD.
  • 1
    @import-fun oh I read that wrong then .
    Still if there’s plain text passwords, I would hate to think what else is actually wrong with it.
  • 3
    @C0D4
    without SSL + plain text password

    premium products
    high profile clients information

    company paid $8500 before 3 years
  • 6
    @import-fun 😯that’s a recipe for disaster waiting to happen - ok don’t name shame, or they may get an email tonight with their DB attached 😨

    You cant add let’s encrypt/
    Certbot just to get you out of the woods of the SSL issues?

    plus passwords... just throw a hash/salt algo in place and wipe every password out, hell generate a hash/salt with their current passwords so even users don’t notice the major change.

    I’m actually frightened of signing up to any site now just based on this rant.
  • 2
    @import-fun i was joking.^^
  • 3
    whats wrong with mysql?

    asking for a friend
  • 1
    Please tell me it is PayTm
  • 2
    @Elyz well one scenario could be a intern is asked to create a poc.
    The intern decides that a password in plain text would suffice for the time being.
    A manager only sees the front-end and is very impressed by it. He wants it put in production asap.

    Intern not having a clue about the password anymore just does his work and leaves the company.

    End result: an web application which has passwords in plain text
  • 4
    @C0D4 Let's call it first aid 🤣

    I wonder... How many possible SQL injection attack vectors there would be if the starting point for security is plain text passwords.

    "What is a second hand SQL injection?"
    "Lol why use utf8mb4.. "
    "Well the difference between our SQL servers encoding and the backend encoding is not a big deal!"
  • 1
    @Synti xD xD

    this side is heaven for sql injection learner :D :D
  • 0
    Implantation of encryption needed
  • 0
    @EpicNewton LOL🤣🤣😂
Add Comment