Learn More
Resend Email
67
hindsight2020
7y

I... uhm... I... I can't... I ... I can't even.... THIS IS LIVE IN THE CLIENT'S SITE WHERE ANYONE CAN CREATE A LOGIN WITH NO VERIFICATION WHATSOEVER AND SEE THIS WHICH IS LINKED TO A BIG RED BUTTON THAT RESETS THE WHOLE DATABASE, YOU FUCKING DUMB PIECE OF SHIT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

// This event clears the entire solution in all active clients, truncates the database and also removes any stored PDFs in the server folder
$(document).on('click', '#resetDB', function () {
// This event only happens if the user correctly enters the password, this is to prevent other users than the admin from performing this action
var answer = prompt("Please enter the password required to perform this action.");
if(answer == "-REDACTEDBECAUSEHOLYSHIT-") {
socket.emit('resetDB');
} else {
alert("The password is incorrect, please try again!");
}
});

AAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!!!!111!!1!!11!1!!1!1one!one!!!11

(I'm not inventing this, even though the "site" is internal only and not accessible through the web. That does *not* make it any less stupid!)

rant

about as smart as my chair

"security"

js

webdev
Favorite
Ranter
Comments
  • 3
    7y
    🤦🏼‍♂️
  • 11
    7y
    I feel like devrant failed on this one, the image is way too big and the text is cut. #failrant
  • 5
    7y
    This is terrible. Frightening. Terribly frightening.
    ...
    So did someone click the button? That's the only way this story could get any better.
  • 5
    7y
    I find your tag offensive. My chair is much smarter than this shit.
  • 5
    7y
    @Bitwise I KNOW! I've done a bad thing and I feel bad. I've soiled our haven of piece and perfection and now I'm going to go rant on it. In 2 hours. Because I just ranted. Goddammit.
  • 2
    7y
    @hindsight2020 If you ever wanted to leave that company, be sure to forward the internal site to the public internet, that would yield... interesting... events!
  • 4
    7y
    @DRSDavidSoft

    - downloads ngrok

    - creates anonymous account through proxy

    - sends ngrok url to a couple hackers

    But they all laughed at it SO HARD that they couldn't breathe, and then decided it was not enough of a challenge and they took pity on the poor client.

    Obviously this didn't and will never happen but I smile at the thought.
  • 5
    7y
    "incoming missile attack. This is not a drill"
  • 1
    7y
    @Bitwise I'm happy I helped you discover it! Ngrok is, indeed, a tool to behold. To hell with firewalls, this is how we do this.
  • 1
    7y
    I use localtunnel.me. Haven't compared it with ngrok yet.
  • 1
    7y
    This is pretty pathetic.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment