Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@alexbrooklyn Who carres about security ?
Just do like Apple, facebook and co : Store passwords in plain text ! Free advertisement ! -
@R1100 too soon ? ;p Oh I forgot Capital One in the list.
But to be fair, I had a similar bug once.
Just AFTER we deployed Application Insights : One week later I saw that user passwords were logged in logs in plain text. As App Insights record the body of all POST requests, password was there :)
To solve it, I excluded "bodY' recording from login attempts. But for a week, we had some of users passwords in plain text. -
R-C-D157495y@NoToJavaScript well the attacker can still get the user passwords within the network
-
@R1100 It’s SSL (Like any website). So yeah, attacker can do the same as any other website
Application insight could log passwords in text because it’s running after SSL layer. -
R-C-D157495y@NoToJavaScript
You won on this one !
But still evil twin and mitm works .
Or maybe hacking the routers and redirecting the traffic. -
@R1100 Ofcause it works !
I can’t believe how 75% of websites don’t implement basic things.
We are in 2019 and I can guaranty you, I can find a web site with open SQL Injections in like 10 minutes.
Couple of years ago I even made a scrip which was googling for “admin.asp” and then just tests forms for injections. Out of 10000 sites, 1500 were susceptible. And in this 1500, there were 1 credit card processor. -
@R1100 It's so fun to do.
I went to implement a full DB dump, if injection were possible ;p
Now I need to find this code. -
@R1100 No, my script was specifically targeting VERY old website (admin.asp, not aspx). There are still plenty lol ! These sites don’t even know what “captcha” is.
-
@R1100 Here,
Took me 1 min to find one
https://utech.edu.jm/seac/admin.asp
Have fun with SQL injections
Should I develope an app to make some money
Or learn some cool things about security
Or maybe both ?
question
i want it all !