3min chapter


130: Jason's Pen Test

Darknet Diaries

CHAPTER

Reset the Password and Take Over Any User Account on This Site

We found a way to upload images to other users' accounts on the site, which is interesting. We had cross-site scripting, we could view streams without paying for them. So at this point we could reset anybody's password and take over their account with access to the backend admin site. Also, in the store there was an SQL injection button that allowed us to dump the complete database, purchases and credit card data for everything that had been ordered on his store. Which is not only just sensitive because you have credit card data but also sensitive because these are very sensitive purchases, very sensitive nature. And so that was that test, and there's a lot of things I learned from that test about that industry and stuff like
