Details
Joined devRant on 7/30/2017
-
@jordinebot @movaid7 Happy that it was helpful to you. :)
-
2000 to 5000 INR is less than 100 USD my friend. U sure u calculated it right..?
-
@boubalo Blondes and Milfs don't excite me anymore. So, I switched to textboxes, search bars and open login forms.
-
@mhudson Not much. It's become boring nowadays with the same story lines.
-
@d4ng3r0u5 hahaha... good one. 😂
-
@Fiftyseven yes... Did find a few security issues. I wish they had Bug Bounty Program so that I could report. 😅
-
@lotd hahaha... Maybe... :P
-
Seems like a story of every developer.
-
Security guy here...
-
Then you know how good the computer science department is.
-
@filthyranter the attacker could simply write a Python script to take the values from the alt attribute and put them into the Captcha text field.
And once this process gets automated, then it's just a matter of time and computation power to crack the password.
-
@T1l3 Well, it is unlikely that an attacker could steal a password using this method, as the tampering in this scenario is done on OSI Layer 7, which is the Application Layer. And as the application is with the user himself, it gets lil tricky. But an attacker could still do it by means of CSRF attacks or XSS attacks. But once the https comes in, it becomes highly unlikely to intercept; the interception at this stage could only be possible if there exists a Zero Day bug that no one knows about, or if the attacker tricks in by using things like SSL Strip.
-
@T1l3 Well, for that you got to check out how the OSI Layer works. HTTPS, which is SSL/TLS, works at the Transport Layer. So, if the hidden field is present on the form, an attacker can still use a Local Proxy and make the changes to the values before it is sent to the next layer.
Check out YouTube videos on Tamperdata and Burp Suite.
-
@TerriToniAX Never make calculations on the client side. The Server's got to do the Calculation.
-
Document whatever you do. And make sure you claim whatever you do. Make sure your efforts are noticed.
-
#respect
-
Genius...
-
I know that feel...
-
#UDPJokes
-
Made my day...!!!
-
That's what happens when HR's decide the Job Description.
-
#respect
-
Agree with you...