Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
"Should I just email this to your investor or customer list, then? This is where you get to fix these outstanding issues BEFORE someone else maliciously exploits them."
-
slaat12898yI investigated him a bit on upwork and I found out that he pays some guy 6$/hour for the coding part. Maybe the guy is doing his job for him and he is angry that I exposed him to the companies general support mail.
-
slaat12898yI'm not one to threaten. If he does not want my help, so be it. Better to have no customer than someone who is pissed at me. It seems to me that the code is shit and would need a huge amount of refactoring and he is, from what I can see, not able nor willing to afford this
-
How did you have access to the PHP file? Using an FTP account or in a more creative way?
-
slaat12898y@TktStatusPICNIC it's illegal, this is not a game
@lucas22 I saw that he is not checking user input. I could execute all kinds of stuff there -
@slaat there's a difference in good clients and the one you just seen. that kind of client needs to hit a brick wall at a buck twenty give me a hint of the site and I'll cut the brakes.
-
slaat12898y@TktStatusPICNIC wasn't ment as an insult, it's just that I do not like to play around with this kind of stuff.
-
@slaat I'll wait two weeks and give you time to get an aliby and on top of that I'll make it look like Russia is hacking them
-
@slaat but seriously you're doing right but I would report the site somewhere
-
@slaat yeah you could always see about filing a cve but I'm not sure if they would take websites if they don't someone needs to make a cve version of plaintext offenders
-
This is one of the reason why people hate PHP. Copy and Paste code from online, modify and there you go. I am a app developer now. When app gets hacked, PHP is being blamed.
-
Skipp23448y@PoweredByCoffee exactly! It just so happens more people "know" php than other languages but that same guy would've made a crap job with any other programing language.
-
@TheInitializer i'd try to find an offical channel first but as long as he didn't hack them to find the exploits and he keeps the email where they can't "call him" releasing a zero day bug, they can't do nothing about it as long as he doesn't post it on a hacking forum first
I guess that is what you get for bringing up security issues on someones website.
Not like I could read, edit or delete customer or company data...
I mean what the shit... all I did was try to help and gives me THIS? I even offered to help... maybe he got angry cause I kind of threw it in his face that the whole fucking system is shit and that you can create admin accounts with ease. No it's not a framework or anything, just one big php file with GET parameters as distinction which function he should use. One fucking file where everything goes into.
undefined
php hackerman