Gauteng.com exposes user e-mails and phone numbers

“It probably happened when we moved the site from an older server to a new server,” Harris said

Sorry, what? :wtf:

Seriously would not trust this company with a stone.
 
There would have been hell to pay if the Protection of Personal Information Act had been in place.
 
To see if your details are listed in Google search results for gauteng.com, please use this search term ' gauteng.com "Please can you give me a quote on the" '. Without the outer '.

Or if that is too difficult then just click here.

Click on the cached view of the page to read the contents.

It is not a complete list, and you cannot browse anywhere in the cached page. How would one go about asking Google to remove the pages from the index??
 
Lol... this is beautiful...

Digging around for a minute reveals the page: http://www.gauteng.com/edit.php?itemid=

Playing around with that for another minute reveals a very nice opportunity for SQL injection. Fortunately I'm not one for destroying other people's data (R50 says their last backup is when they moved servers, if they did), but people who dev like this should not be allowed to build sites.
 
Then they're a bunch of idiots, not updating the server, applying security etc. etc.
 
“It probably happened when we moved the site from an older server to a new server,” Harris said

To the normal person that may be acceptable. For a developer it's the most ridiculous excuse ever. Either authentication existed or it didn't. Clearly in this case it didn't.
 
That's what happens when companies aren't willing to pay for quality developers.
You get guys that don't know what the xxxx they're doing...
 