Register | Login | |||||
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
| |
2 users currently in General Chat: |
Acmlm's Board - I2 Archive - General Chat - Computers at Work easier to hack than Acmlm's? | | | |
Pages: 1 2 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
User | Post | ||
Zemus Sand Crab Level: 25 Posts: 229/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
This is one of the funniest things I've encountered on corporate stupidity (I'm sure there's more out there, but I've not encountered it). Okay, so I was playing around on the computers at work and I figured out that the Administrative screen is a webpage hosted locally on the computer. Well all the employees can access that page, but depending on your rank (employee, assistant manager, super assistant manager or store manager or higher) varies what you can do at this screen. Well I thought it was amazing, it uses PHP and MySQL and I'm like "I know how this all works" so I play with the url so that the employee ID and the rank level are different and then I hit enter and WHAM! All of a sudden I'm able to view and modify people's pay rate and address and pretty much anything else I want. Crazy shit how easy it is. :-P I'm amazed they didn't at least add password requirement to the URL... even unencrypted would be better than nothing at all :-P So now the only real research I need to do is if and where it logs accesses and if and how easily those logs are modified. This is one of the most insecure computers I've encountered. even mine has more security. :-P | |||
Legion banning people for no reason sure is fun Level: 101 Posts: 3482/5657 EXP: 10399737 For next: 317938 Since: 03-15-04 From: The Crossroads is under attack! Since last post: 5 days Last activity: 5 days |
| ||
Wow. I bet you get laid every day. |
|||
Zemus Sand Crab Level: 25 Posts: 230/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
twice, today, actually, but phoenix is full of sluts so its no big challenge. Just ask Tommathy for verification on how much I sleep around :-P | |||
JDavis Trick or Treating Local Mod Affected by 'Halloween Syndrome' ++ Level: 44 Posts: 370/815 EXP: 568676 For next: 42609 Since: 03-15-04 From: Ada, Oklahoma, USA Since last post: 5 hours Last activity: 4 hours |
| ||
So how big of a raise did you give yourself? | |||
Zemus Sand Crab Level: 25 Posts: 231/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
none yet. as I said, gotta make sure it doesn't have access logs, and if it does gotta make sure I can modify them. they're not that bright with security, though, so I doubt it'll be hard. some chick who was fired was writing bogus checks from the company for over a year before she got caught :-P so doing something from within the system should be even harder to trace. prolly only give myself the standard 80 cent raise, though. don't need much money, no point being too greedy :-P | |||
Kefka Indefinitely Unbanned Level: 81 Posts: 2403/3392 EXP: 4826208 For next: 166641 Since: 03-15-04 From: Pomona, CALIFORNIA BABY! Since last post: 4 hours Last activity: 4 hours |
| ||
You're pathetic. | |||
Alastor the Stylish Hey! I made a cool game! It's called "I poisoned half the food, so if you eat you might die!" Have a taco. Level: 114 Posts: 4342/7620 EXP: 16258468 For next: 51099 Since: 03-15-04 From: Oregon, US Since last post: 2 hours Last activity: 2 hours |
| ||
... But then they'll be going through on payday and saying "Wait, when did he get a raise?" and then when they check it out, at best it'll be corrected, at worst, your ass is dead. | |||
Zemus Sand Crab Level: 25 Posts: 232/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
the corporation throws money around like its nothing... they don't notice small discrepencies, I've worked with them long enough to know that to be true. this is a company that, if I tear my jeans and say it happened at work, they'll buy me a new pair no questions asked :-P hell, maybe I should do that and get a new wardrobe. lol. | |||
Kefka Indefinitely Unbanned Level: 81 Posts: 2411/3392 EXP: 4826208 For next: 166641 Since: 03-15-04 From: Pomona, CALIFORNIA BABY! Since last post: 4 hours Last activity: 4 hours |
| ||
You don't have enough integrity to be an office worker. Quit the field while you can. | |||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 2829/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
This is a really good way to get into huge trouble. People who know little about computers take 'hacking' very, very seriously, and what they consider hacking can be anything they don't know how to do. (I was once accused of hacking because a teacher saw me open Notepad from the Run prompt. ) Plus, if you actually change anything in there, you can get in major shit for a lot of other crimes. Here's what I suggest you do instead: -If you can change stuff without being caught, don't change your own info, you risk being caught by the people going through it or by comparison to hard copies/backups. Instead, you can use this to your advantage a different way... Someone you really, really hate? Give them a HUGE raise, so big that there's really no way they won't get caught. Watch them get busted! (You'd be surprised how many people get into these kinds of systems, and drunk on their own power, just give themselves like a 50-dollar raise without thinking about consequences, checking security systems, etc.) -Report this security flaw to the administration. Depending what kind of people they are, you may want to tell them in person. Best case, they thank you for it, probably giving you some sort of bonus. Worst case, you get in trouble for breaking into it in the first place. (It's kinda like if a burgular broke into your house, woke you up, and told you how he got in. Some people would be grateful for the update but many would treat him the same as if he'd robbed them blind.) If you don't want to risk this, do it anonymously (unmarked envelope in the mailbox is a good bet), and at least be satisfied in the fact that others won't be able to look at and mess with your personal information. |
|||
Darth Coby Vire Dacht je nou echt dat het over was? Dacht je nou echt dat ik gebroken was? Nee toch? Nou kijk eens goed op uit je ogen gast. zonder clic heb je geen kloten tjap... bitch Level: 55 Posts: 1026/1371 EXP: 1240774 For next: 73415 Since: 03-15-04 From: Belgium Since last post: 2 days Last activity: 9 hours |
| ||
Ok I'm with all the white hacking and stuff but, I'd give myself a raise though .. Ok only if I don't get enough. | |||
Sokarhacd Ball and Chain Trooper Resistance is Futile You Will Be Assimilated Hab SoSlI' Quch Level: 61 Posts: 963/1757 EXP: 1799888 For next: 76708 Since: 03-15-04 Since last post: 6 days Last activity: 4 hours |
| ||
I would want to benefit myself, only if the following were true, 1% or less chance of getting caught, didnt like the job, and wasnt getting paid enough, otherwise, I would just make it so you could access it all the time, without anyone else knowing, and if you ever get fired, do whatever you want...thats what I would do anyway. | |||
Kitten Yiffer Purple wand Furry moderator Vivent l'exp����¯�¿�½������©rience de signalisation d'amusement, ou bien ! Level: 135 Posts: 7120/11162 EXP: 28824106 For next: 510899 Since: 03-15-04 From: Sweden Since last post: 3 hours Last activity: 4 min. |
| ||
It's quite common with PHP security holes. I'm not surprised if they wouldn't have logs either. If anything you could always give severeal persons pay-rise. But if they're smart they should at least correct that if they find out. And you should actually tell them about it... or just keep quiet about it if you are afraid of losing your job. |
|||
Ran-chan Moldorm eek, when are they going to stop growing... Level: 143 Posts: 6505/12781 EXP: 35293588 For next: 538220 Since: 03-15-04 From: Nerima District, Tokyo - Japan Since last post: 12 hours Last activity: 12 hours |
| ||
Haha, why don | |||
FreeDOS Lava Lotus Wannabe-Mod :< Level: 59 Posts: 987/1657 EXP: 1648646 For next: 24482 Since: 03-15-04 From: Seattle Since last post: 6 hours Last activity: 4 hours |
| ||
Actually, that's not how PHP scripts are supposed to work. Anonymously tell them to turn register globals off. | |||
Kefka Indefinitely Unbanned Level: 81 Posts: 2482/3392 EXP: 4826208 For next: 166641 Since: 03-15-04 From: Pomona, CALIFORNIA BABY! Since last post: 4 hours Last activity: 4 hours |
| ||
Originally posted by Trapster |
|||
Nebetsu Shmee Level: 55 Posts: 774/1574 EXP: 1291130 For next: 23059 Since: 09-01-04 From: Nebland Since last post: 3 hours Last activity: 1 hour |
| ||
Why not try this site? www.try2hack.nl | |||
knuck Hinox Banned until 19-58-5815: trolling, flaming, spamming, being a general fucktard... Level: 62 Posts: 1029/1818 EXP: 1894574 For next: 90112 Since: 03-15-04 Since last post: 14 hours Last activity: 9 hours |
| ||
Originally posted by NebetsuBecause it's lame and old, and has nothing to do with hacking. |
|||
Narf Hi Tuvai! (reregistering while banned) Level: 16 Posts: 3/100 EXP: 17634 For next: 2622 Since: 12-26-04 Since last post: 22 hours Last activity: 14 hours |
| ||
If that is true and you actually could give yourself more rights by just changing numbers in the query string, then the program/page we're talking about is just horribly bad secured. Any PHP (or ASP, or JSP, or whatever) programmer should know not to work with important values/variables through the URL/query string. |
|||
MathOnNapkins Math n' Hacks Level: 67 Posts: 1288/2189 EXP: 2495887 For next: 96985 Since: 03-18-04 From: Base Tourian Since last post: 1 hour Last activity: 32 min. |
| ||
Well, you could just divert attention from yourself by giving EVERYONE a random raise/lowering, including yourself. So bam, you get one slightly higher paycheck and they're left thinking it's a system glitch. |
Pages: 1 2 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
Acmlm's Board - I2 Archive - General Chat - Computers at Work easier to hack than Acmlm's? | | | |