An ecom website which sells premium gold products from 50k to 170k INR.

database: MySQL
all passwords and user IDs are saved in plain text.

Comments
  • 8
    They know the shit gold wise and that’s enough to sell it :D
  • 9
    😣there should be billion dollar fines for this bullshit.
  • 4
    We rather fuck around with cookies banners :D
  • 6
    I don't understand how this shit happens. Anyone who attended any kind of schooling for anything IT or programming related should know better than to do crap like that. Is it just a case of "it takes too long, do it the fast and easy way and just store it plain" from a manager? Even then.. 🤔
  • 1
    @Elyz the company paid 5L INR for that project 3 years ago
  • 4
    Link please? TIA
  • 0
    @netikras bro, can't share the link here.
    Many expert people are on this platform who can easily exploit the website.
  • 0
    Aren't 50k INR like 4-5 dollar?
  • 4
    Domain please. (Asking for a friend)
  • 4
    @import-fun $700 for an ecom website 😂
    what could possibly be actually right about that?

    @PonySlaystation and I would like to do some err research 😏
  • 3
    @C0D4 bro, I am talking about the lowest price of a product on that site being 700 USD and the highest price of a product being 24000 USD.
  • 1
    @import-fun oh, I read that wrong then.
    Still if there’s plain text passwords, I would hate to think what else is actually wrong with it.
  • 3
    @C0D4
    without SSL + plain text password

    premium products
    high profile clients information

    company paid $8500 3 years ago
  • 6
    @import-fun 😯that’s a recipe for disaster waiting to happen - ok don’t name shame, or they may get an email tonight with their DB attached 😨

    You can't add Let's Encrypt / Certbot just to get you out of the woods of the SSL issues?

    plus passwords... just throw a hash/salt algo in place and wipe every password out, hell generate a hash/salt with their current passwords so even users don’t notice the major change.

    I’m actually frightened of signing up to any site now just based on this rant.
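The migration C0D4 describes (hash and salt every stored password in one pass, so existing users keep logging in with their current passwords) looks like this as an added example; it is not code from any commenter or from the site in question. It uses only the Python standard library (PBKDF2-HMAC-SHA256); the `USERS` rows are constructed sample data standing in for the plaintext MySQL table.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the plaintext users table described in the post.
USERS = [
    {"id": 1, "email": "alice@example.com", "password": "gold123"},
    {"id": 2, "email": "bob@example.com", "password": "S3cret!"},
]

# Work factor for PBKDF2-HMAC-SHA256; a memory-hard KDF (argon2, scrypt)
# or bcrypt is preferable when a library for it is available.
ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.

    A fresh 16-byte random salt per user means identical passwords do not
    produce identical records, and the parameters travel with the hash so
    the work factor can be raised later without breaking old records.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash from the stored salt/iterations; constant-time compare."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def migrate_in_place(rows):
    """Replace each plaintext password with its salted hash; users keep their password."""
    for row in rows:
        row["password"] = hash_password(row["password"])
    return rows


if __name__ == "__main__":
    migrated = migrate_in_place([dict(r) for r in USERS])
    print(migrated[0]["password"])
    print(verify_password("gold123", migrated[0]["password"]))  # True
```

Run the migration once against a backup, then switch the login path to `verify_password`; the `$`-delimited prefix lets a later cutover to a stronger KDF re-hash rows lazily at next login.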
  • 2
    @import-fun I was joking. ^^
  • 3
    what's wrong with MySQL?

    asking for a friend
  • 1
    Please tell me it is PayTm
  • 2
    @Elyz well, one scenario could be an intern is asked to create a PoC.
    The intern decides that a password in plain text would suffice for the time being.
    A manager only sees the front-end and is very impressed by it. He wants it put in production asap.

    Intern not having a clue about the password anymore just does his work and leaves the company.

    End result: a web application which has passwords in plain text
  • 4
    @C0D4 Let's call it first aid 🤣

    I wonder... How many possible SQL injection attack vectors there would be if the starting point for security is plain text passwords.

    "What is a second hand SQL injection?"
    "Lol why use utf8mb4.. "
    "Well the difference between our SQL servers encoding and the backend encoding is not a big deal!"
  • 1
    @Synti xD xD

    this site is heaven for SQL injection learners :D :D
  • 0
    Implementation of encryption needed
  • 0
    @EpicNewton LOL🤣🤣😂