[HN Gopher] How I pwned a major New Zealand service provider
       ___________________________________________________________________
        
       How I pwned a major New Zealand service provider
        
       Author : MrBruh
       Score  : 19 points
       Date   : 2025-03-24 23:07 UTC (2 days ago)
        
 (HTM) web link (mrbruh.com)
 (TXT) w3m dump (mrbruh.com)
        
       | girvo wrote:
       | That reminds me of all the SQL injection vulns that we used to
       | blame on PHP. As PHP becomes less popular, and the same/similar
       | vulnerabilities remain, I realise it's more just bad practices
       | (though ~2000-early 2010s PHP really was pretty rough when it
       | came to creating those holes, but that might just be a function
       | of how popular it was!)
       | 
       | Nice work on finding it :)
        
       | hsbauauvhabzb wrote:
       | Be super careful with this, you had innocent intent, but that
       | doesn't mitigate the fact that you potentially broke the law (and
       | regardless of whether you did or not, that won't stop feds
       | busting in the door). Some places will take reports like that
       | gratefully, others will do everything in their power to make you
       | out to be the bad guy.
        
         | StrauXX wrote:
         | No, they did not in any way break the law. As they wrote
         | themselves:
         | 
         | > I did some research and found that the app did in fact have a
         | responsible disclosure policy which at that point, I was happy
         | to continue forth.
        
         | bauruine wrote:
         | >I did some research and found that the app did in fact have a
         | responsible disclosure policy which at that point, I was happy
         | to continue forth.
         | 
         | Looks like he did some research before.
         | 
         | On the other hand
         | 
         | >On day 2 I awoke and began by finding some form of contact
         | details, information was somewhat sparse but I managed to find
         | a phone number.
         | 
         | Doesn't a responsible disclosure policy contain contact info
         | on where to report usually?
        
       | ngonch wrote:
       | Australia and New Zealand are insanely careless with personal
       | data. I was shocked when I was asked to write my credit card
       | details, including cvv, on a piece of paper in a beachside
       | surfboard rental shop.
        
       ___________________________________________________________________
       (page generated 2025-03-27 23:00 UTC)