SANRAL E-TOLL WEBSITE VULNERABILITY

[froot]

4 pages and no word from House?
:erm:

He's still conferring with the rest of the council - he's running out of things to shout at us

 

[MagicDude4Eva]

I think he is busy trying to figure out who Moe1 / mtbk is.

 

[DJ...]

I think he is busy trying to figure out who Moe1 / mtbk is.

He knows already. It will all become clear some time in 2014/2015...

 

[froot]

He knows already. It will all become clear some time in 2014/2015...

The name's on the Youtube account.... Moses Thembeka.

 

[Shake&Bake]

I think he is busy trying to figure out who Moe1 / mtbk is.

Its gotta be you - the letter M is so prevelant

 

[Paul Hjul]

I think he is busy trying to figure out who Moe1 / mtbk is.

they way ahead of that; busy equipping the extraction team to intervene

 

[Heisenborg]

 

[maumau]

4 pages and no word from House?
:erm:

probably programming like mad trying to fix the bug. watching myBB for hints and clues

 

[Necuno]

I tried to change a URL to figure out who Moe1 / mtbk is.

 

[MagicDude4Eva]

I tried to change a URL to figure out who Moe1 / mtbk is.

Don't confuse the cyber-inspectors now

 

[Spliffcat]

HOUSE HOUSE where are you sweetheart?

 

[Sinbad]

HOUSE HOUSE where are you sweetheart?

Shoosh, he's in a meeting with President Zuma and Mother Theresa to advise them on world peace.

 

[thysb]

Who is the spokesperson for scamral again? He also hasn't validated his account yet...

 

[Insint]

HOUSE HOUSE where are you sweetheart?

He's very busy on news24.

 

[kokzn]

jacobzuma 1942

edit: damn, his account not validated yet

 

[Petec]

 

[xera]

And they expect me to register? Screw that. :wtf:

 

[xera]

You enter any username on the account page conformation when activating an account, however the pin is in plain text in the source when you submit the request. Enter any username and get any pin. Log into any account.

Essentially, an outdated version of SA road users database is available with nothing more than entering any username

identical issue as CoJ, no session checking is done to prevent accessing secure data, but worse, they supply you with the pin..

That is a very servere loophole/backdoor..

 

[Fingolfin]

To me, discussing the legality of the access patterns required for testing this sort of vulnerability is bike-shedding.

Why are we letting them build these systems? People will get hurt, and 99% of the problems will never be detected or ever become actionable by the common populace.

At this point, computers can be safely used for offline video games only, and even that is debatable...

Computer Says: NO.

http://klimbie.com/wp-content/uploads/2013/08/Elysium_pic-300x181.jpg

 

[irshaad]

vehicle of choice on 24 - Nissan Almera