I was registering for a website, and on a whim, I used this as my username:
null'); PRINT('Hello');--

And sure enough, the login system went down. The next day it was still down, so I went to Twitter to tell the people running the site that this was why, but to my surprise, I see them saying they had been hacked.
Based on the timing, I'm pretty sure they're referring to this, but they are saying user info was stolen. *facepalm*
They later said they stored passwords salted with a fixed salt and hashed with fucking md5, at which point I was glad not to have done any more business with them.

How incompetent can these fucking people be?!
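Two things in the story above are worth seeing side by side: a username spliced into SQL text versus one passed as a parameter, and a fixed-salt MD5 password store versus a per-user salted, slow hash. The following is an added example, not code from the post or from the site it describes; the table, the salt value and the password are constructed stand-ins, and the username string is the one quoted above.

```python
import hashlib
import hmac
import os
import sqlite3

# The username from the post, used here as a constructed test input.
USERNAME = "null'); PRINT('Hello');--"


def _fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")  # constructed schema
    return conn


def register_concat(username):
    """Vulnerable form: the value becomes part of the SQL statement text."""
    conn = _fresh_db()
    try:
        conn.execute("INSERT INTO users (name) VALUES ('" + username + "')")
        return "ok"
    except Exception as exc:
        # The quote closes the literal and the rest is not valid SQL here;
        # the driver rejects the whole statement, so registration fails.
        return type(exc).__name__


def register_param(username):
    """Hardened form: the driver sends the value separately from the SQL."""
    conn = _fresh_db()
    conn.execute("INSERT INTO users (name) VALUES (?)", (username,))
    # The odd username is simply stored as data, quotes and all.
    return conn.execute("SELECT name FROM users").fetchone()[0]


FIXED_SALT = b"sitewide-salt"  # constructed stand-in for a site-wide fixed salt


def hash_fixed_salt_md5(password):
    """What the post describes: same salt for everyone, fast MD5."""
    return hashlib.md5(FIXED_SALT + password.encode()).hexdigest()


def hash_per_user(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def verify_per_user(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex = stored.split("$", 1)[0]
    return hmac.compare_digest(hash_per_user(password, bytes.fromhex(salt_hex)), stored)
```

With the fixed salt, two users who chose the same password get the same hash, so one crack covers both; with a per-user salt the stored values differ and each must be attacked separately at PBKDF2 cost.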

Comments
  • 54
    Wow, that's pretty bad. Everyone knows you should encrypt passwords with base64.
  • 1
    Ahahaha
  • 1
    What's the name of the aforementioned company?
  • 3
    @ctmalloy Prefer not to tell, just in case ;)
  • 3
    @serpent5 Rot-13 is way more secure. Nobody can figure that shit out!
  • 3
    This is just gold...some real security experts on here!
  • 0
    A website just came down and the story is quite the same as the one you are telling. Maybe it's a Spanish website? A website that other people copied now that the original is down, and everything is the same except the color, which changed from green to red? Because I knew that site was made like garbage, but not that much.
  • 1
    @CristCD It might _not_ be ;) Just don't say it, please.
  • 0
    That was you?
  • 2
    Don't encrypt them. So no matter how hard they try to decrypt it, they'll fail.
  • 1
    Wait, I'm confused.

    If you left after crashing the site, why are they saying that info got stolen? It's not hard to look through MySQL logs... it couldn't have been you!
  • 1
    @arturgrigio I know! That's the thing, I think they just saw it was down and assumed everything was compromised, which is not a bad heuristic, but you should actually check.
  • 3
    @CristCD OK, I did some more reading, and it seems there _was_ an actual hack that stole user information, which was later used to create a clone of the original site. This really weakens my story though... :(

    Anyway, it is still weird how these two events were so close in time, so I don't know what happened...
  • 2
    @someonewithpc There were already pages before that used this site as a backend because the security is garbage. I know because I made an app for this site, scraping the HTML and replicating some requests.