
Sometimes I wonder about Developers

Posted in development, thoughts on Wednesday, December 9th, 2009 by Chris. Tags: development, sql

Recently I came across a good article at “der fiese Admin” about the security hole at a German portal for kids, which made me wonder about the work attitude of some of my so-called colleagues.

Security issues happen; nobody can build a bullet-proof website, and sooner or later someone will find a hole in your system. We all know that, but … guys, honestly?!

Not only did they store the passwords unhashed and unsalted in the DB, which to my mind was already as dumb as it could possibly get … no, I underestimated the level of failure one can produce. Those guys managed to set a new low. How? They checked the password with a LIKE search (select * from user_db where username=… and password LIKE “%…%”). A substring match on the password column means that any substring of the real password, or a bare wildcard, passes the login.

Can't get worse, right? Wrong! This has to be the major WTF of this year … they also pumped all user-generated content unfiltered into their DB queries.
And no, I won't even go into the lack of SSL protection.
So what have we got so far:

  1. Passwords stored in plain text in the DB
  2. Password checked with LIKE at login
  3. Doors wide open for SQL injection, because user content was passed directly and unfiltered into the DB queries
  4. No HTTPS at login
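To make the first three points concrete, here is an added example (not code from the post, nor from the site it discusses) that reproduces the LIKE login pattern quoted above against an in-memory SQLite table, shows what it lets through, turns the substring match into a password-recovery oracle, and puts the hardened version beside it. Only the table name user_db comes from the post; the column names, the sample account alice / Sommer2009, and the choice of Python with SQLite are assumptions made for this example.

```python
import hashlib
import hmac
import os
import sqlite3
import string

# Alphabet for the recovery attack: lowercase and digits only, because
# SQLite's LIKE (like MySQL's default collations) is case-insensitive for
# ASCII, so the oracle cannot tell 'S' from 's' anyway.
ALPHABET = string.ascii_lowercase + string.digits


def make_vulnerable_db():
    """Constructed sample data mirroring the breached site: a plaintext
    password column. Account name and password are made up for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_db (username TEXT, password TEXT)")
    conn.execute("INSERT INTO user_db VALUES ('alice', 'Sommer2009')")
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """The pattern quoted in the post: user input concatenated straight into
    the SQL string, and the password compared with LIKE '%...%'."""
    sql = ("SELECT * FROM user_db WHERE username='%s' "
           "AND password LIKE '%%%s%%'" % (username, password))
    return conn.execute(sql).fetchone() is not None


def recover_password(conn, username, alphabet=ALPHABET):
    """Use the substring match as an oracle: find one character that occurs
    in the password, then grow the known substring to the right and then to
    the left until no extension is accepted. Every probe is one ordinary
    login attempt; no injection is needed for this."""
    known = next((c for c in alphabet if vulnerable_login(conn, username, c)), None)
    if known is None:
        return None
    for extend in (lambda s, c: s + c, lambda s, c: c + s):
        grown = True
        while grown:
            grown = False
            for c in alphabet:
                candidate = extend(known, c)
                if vulnerable_login(conn, username, candidate):
                    known, grown = candidate, True
                    break
    return known


def hash_password(password, salt):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_hardened_db():
    """Same account, stored as a per-user random salt plus password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_db (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO user_db VALUES (?, ?, ?)",
                 ("alice", salt, hash_password("Sommer2009", salt)))
    conn.commit()
    return conn


def hardened_login(conn, username, password):
    """Parameterised lookup (no injection), exact username match, and a
    constant-time comparison of the recomputed hash (no LIKE, no plaintext)."""
    row = conn.execute("SELECT salt, pw_hash FROM user_db WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored_hash = row
    return hmac.compare_digest(stored_hash, hash_password(password, salt))


if __name__ == "__main__":
    v = make_vulnerable_db()
    print("substring 'mer' logs in:", vulnerable_login(v, "alice", "mer"))
    print("bare wildcard '%' logs in:", vulnerable_login(v, "alice", "%"))
    print("injected username logs in:", vulnerable_login(v, "' OR 1=1 --", "x"))
    print("password recovered via LIKE oracle:", recover_password(v, "alice"))
    h = make_hardened_db()
    print("hardened, same three tricks:",
          hardened_login(h, "alice", "mer"), hardened_login(h, "alice", "%"),
          hardened_login(h, "' OR 1=1 --", "x"))
```

Running it, the vulnerable login accepts a three-letter fragment of the password, a lone wildcard, and a username of ' OR 1=1 -- with any password, and the oracle loop rebuilds the password from nothing but accepted/rejected login attempts. It comes back as sommer2009 in lower case because LIKE itself is case-insensitive here, which is one more weakness of that check. The hardened version rejects all three tricks; the fourth point in the list, HTTPS at login, is a transport matter and is not something this code can fix.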

Unlike the original poster, I wouldn't slam my own head against the table, but rather the head of the lead dev at that company; let's hope it was a junior.

You will find the original article and the statement of the CCC here:

  • http://fieser-admin.de/2009/sql-fuer-anfaenger-bei-haefft-de/
  • http://www.netzpolitik.org/2009/datenskandal-bei-haefft-de/
  • http://www.ccc.de/de/updates/2009/haefft-datenloch

1 Comment

  1. Sebastiaan de Jonge on December 14th, 2009

    Nice article, I can recognize some of the problems. I think the main problem would be inexperienced developers: if nobody ever tells you you're doing something in a bad or insecure way, you will never pay attention to it. Until it all goes wrong, of course.

    I sometimes do a little pen-testing on random websites when I’m bored (getting more rare these days hehe), you will be amazed how many security holes you can easily find on a random website. It’s almost scary.

SwiftLizard Interactive {Design, Development}