How I Discovered My First Vulnerability

I have read a couple of books recently about different vulnerabilities in order to be able to better protect my projects/websites. Today, I want to share a story about how I managed to use this knowledge in practice.


Disclaimer


This material is posted for educational purposes only. The author is not responsible for its use by other Hackread visitors. The company was notified of the vulnerability 48 hours in advance and has already received enough data to fix it. All vulnerabilities are now fixed.


How it all began


It was quite an ordinary day. I finished several work tasks and made myself a cup of coffee. At the same time, I decided to read one article about trading strategies. I wanted to create my own trading bot. In the column to the right of the article, several other articles and ads were displayed.


I do not remember what exactly made me click the advertisement and visit that site, but when I opened it, I noticed one interesting feature. The link led to a landing page with a registration form, and one field was already filled in – the promotional code. Please forgive me for not sharing the exact website URL. So, I compared the promo code that was in the input field with the one in the address bar. They were completely the same.


What can we do about it?


Obvious and trite – we may try to change it. If the promo code gets compared with its corresponding value in the database, we will see an ..
