Anyone here who also got super bored while on a porn site and ended up pentesting that porn site..?

I Remember what my senior told me once:

"You know you're in the wrong job when you see source code filled with comments written by ur senior dev scolding other devs for code fuckups"

So, this incident happened with me around 2 years ago. I was pentesting one of my client's web application. They were new into the Financial Tech Industry, and wanted me to pentest their website as per couple of standards mentioned by them.

One of the most hilarious bug that I found was at the login page, when a user tries logging into an account and forgets the password, a Captcha image is shown where the user needs to prove that he is indeed a human and not a robot, which was fair enough to be implemented at the login screen.

But, here's the catch. When I checked the "view source" option of the web page, I saw that the alt attribute of the Captcha image file had the contents of the Captcha. Making it easy for an attacker to easily bruteforce the shit outta the login page.

You don't need hackers to hack you when your internal dev team itself is self destructive.