Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
So this story is from my University days. I was in the 6th semester back then, studying CS.
My University website was pretty shitty. Basically it was one of those old ass website that said "Best viewed in IE8". Anyway, I was snooping about the website, trying to find some news regarding an event.
I logged into my account, and randomly browsed into the leave request portal. This was a basic HTML form where students could apply for leaves from the classes and see the status of the leaves, if they have been granted or not. I noticed that the link to the request portal from the student login welcome page was actually something like http://univ.com/student/index.php/..., here 1234567 was my student ID. Yep, it was hardcore into the page, and sent as a GET request on being clicked. That was their idea of authentication I guess. I change the student ID to someone else's, and it let me login as that person.
Long story short, I wrote a little python script to login as every person from the starting of student IDs, till the end, then submit a leave request with a random dumb reason like "can't come, at the strip club" or "going for sex change operation". What I did not know was that when a request is submitted, a text message is also sent to the student's guardians phone number. I ran the script.
That day, over 1000 parents received text messages from the University saying that their kids have applied for a leave from random date to random date for some retarded reason. It was a blast. Students were talking about how someone had "Hacked" into the system.4 -
I got a contract with this schools to build a student portal,
I do all the needful and the project whatever guy insists that I use their current shared hosting to host this MERN stack application.
first of all, cPanel is my least favorite place when it comes to deploying, I actually dont do deploying I just hand it over to whoever is the IT guy there.
I discovered there's no provision for nodejs in their current plan, I go through all the stress of contacting the shitty customer support and the process of squeezing out useful information from them.
I'm only doing this because the project whatever has refused to pay me until their site is deployed. throughout the process of creating this project I had setup continous deployment on heroku and netlify and I had to beg this guy to look at the changes and review them.
well, today I asked the former guy that built the current site for the login details to the schools dashboard on the hosting providers site and he says he used his personal details for it, according to him projects from other organizations are there too.
I swear I'm going to loose my shit, freelancing sucks3
Top Tags
Weekly Rant
View