A Weird Soul - Latest Comments in Brijj.com bug

Re: Brijj.com bug

gsharma — Thu, 07 Aug 2008 21:02:15 -0000

Yes, it was for Kapil.

Re: Brijj.com bug

Gaurav Sharma — Thu, 07 Aug 2008 20:56:33 -0000

Tech Architect? You're referring to Kapil, rite? :)

Re: Brijj.com bug

gsharma — Thu, 07 Aug 2008 19:37:44 -0000

I just found out that you were Technical Architect on Brijj.com and it uses Symfony. I haven't dug deep into Symfony, but I'd imagine their basic auth module/plugin will hash passwords before saving them.

I wonder if Brijj.com isn't fully using Symfony to its potential?

Re: Brijj.com bug

gsharma — Thu, 07 Aug 2008 19:23:50 -0000

Kapil, this has nothing to do with LinkedIn API or even LinkedIn. I guess I chose a bad example for the iframe.

See the URL in the screenshot - http://www.flickr.com/photos/gsharma/2740079054...

Re: Brijj.com bug

Kapil — Thu, 07 Aug 2008 07:25:39 -0000

Interesting find. looks like some authentication issue with the Linkedin API

Re: Brijj.com bug

Gaurav Sharma — Wed, 06 Aug 2008 21:31:53 -0000

It all boils down to the Tech Lead / Programmers. They certainly don't seem to have any coding standards. 'Lack of experience' I assume. Moreover, quantity is rated higher than quality (in India). Pity.
I suggest you change your passwords NOW ;-)

Re: Brijj.com bug

gsharma — Wed, 06 Aug 2008 21:12:41 -0000

I apparently did that.

They don't encrypt your password either. I did the 'forgot my password' thing and they emailed me my existing password in plain text. Yikes! Info Edge, a publicly traded company, needs to improve their coding quality.

Re: Brijj.com bug

Gaurav Sharma — Wed, 06 Aug 2008 21:06:28 -0000

i wudn't be trusting this site with my email credentials ( http://brijj.com/aboutus/TakeATourPage2 ). A 1 year old indian website.. hmmm :-s

Re: Brijj.com bug

gsharma — Wed, 06 Aug 2008 20:26:05 -0000

No, just a XSS vulnerability on Brijj. Click the image to see the URL.

Re: Brijj.com bug

Gaurav Sharma — Wed, 06 Aug 2008 20:21:29 -0000

LinkedIn API?