DISQUS

Hello! A Weird Soul is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

www.gsharma.com Jump to website »

Subscribe
- New Comments
Community
Top Commenters
- ankurraheja
  54 comments · 1 points
- Gaurav
  12 comments · 1 points
- zainab
  1 comment · 1 points
- Shaneen Clarke
  1 comment · 1 points
- mskadu
  1 comment · 1 points
Popular Threads
Recent Comments
- hey Gaurav,This is gyan,I read your experience.Being a customer you r making some wrong effects on NRI who is reading your views.ok IT can be happen some times when these things happen with some...
  3 days ago by G Singh
  
  in Citi NRI Vs ICICI NRI Bank Account
- Hi Gaurav, Thanks for putting your review here . I was actually confused with Citibank VS ICICI . This solved my issue . Thanks a lot . Even I spoke to both bank's customer executive and ICICI...
  3 days ago by Ajai
  
  in Citi NRI Vs ICICI NRI Bank Account
- Go Gaurav! Well written experience with ICICI. Reading your experience I thought it was me to whom it had happened. My login account never worked. I finally gave up. I have withdrawn most of my...
  4 days ago by Manjeet
  
  in Citi NRI Vs ICICI NRI Bank Account
- hi im dilip. i am open nri accountin icici bank. i do job in saudi arabia.
  1 week ago by DILIP KUMAR SINGH
  
  in Citi NRI Vs ICICI NRI Bank Account
- i agree all these peer r fake con and scam they need to be hanged and killed they wil getaway in dis worlds but not hearaftr they cant do nothing jus lie lie and lie and take money from ppl until a...
  1 week ago by treetop
  
  in Peer Syed Sahib

A Weird Soul

Jump to original thread »

Author

Brijj.com bug

Started by Gaurav · 11 months ago

No excerpt available. Jump to website »

10 comments

Gaurav Sharma
11 months ago

LinkedIn API?

reply

Gaurav
11 months ago

No, just a XSS vulnerability on Brijj. Click the image to see the URL.

reply

Gaurav Sharma
11 months ago

i wudn't be trusting this site with my email credentials ( http://brijj.com/aboutus/TakeATourPage2 ). A 1 year old indian website.. hmmm :-s

reply

Gaurav
11 months ago

I apparently did that.

They don't encrypt your password either. I did the 'forgot my password' thing and they emailed me my existing password in plain text. Yikes! Info Edge, a publicly traded company, needs to improve their coding quality.

reply

Gaurav Sharma
11 months ago

It all boils down to the Tech Lead / Programmers. They certainly don't seem to have any coding standards. 'Lack of experience' I assume. Moreover, quantity is rated higher than quality (in India). Pity.
I suggest you change your passwords NOW ;-)

reply

Kapil
11 months ago

Interesting find. looks like some authentication issue with the Linkedin API

reply

Gaurav
11 months ago

Kapil, this has nothing to do with LinkedIn API or even LinkedIn. I guess I chose a bad example for the iframe.

See the URL in the screenshot - http://www.flickr.com/photos/gsharma/2740079054...

reply

Gaurav
11 months ago

I just found out that you were Technical Architect on Brijj.com and it uses Symfony. I haven't dug deep into Symfony, but I'd imagine their basic auth module/plugin will hash passwords before saving them.

I wonder if Brijj.com isn't fully using Symfony to its potential?

reply

Gaurav Sharma
11 months ago

Tech Architect? You're referring to Kapil, rite? :)

reply

Gaurav
11 months ago

Yes, it was for Kapil.

reply

Add New Comment

Returning? Login