Munchha.com vulnerable


Surmandal

Jun 7, 2007, 2:02:41 AM
to NepS...@googlegroups.com
Hi,
   Try to log in with a blank username and password at munchha.com. It will automatically log in to Ambika Pandey's account. Let's do some shopping :)



--
With best regards
Saroj
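The thread never says what caused the blank-credential login, so the following is an added example (not code from munchha.com or from anyone in this thread) of one hypothetical way this class of defect arises, beside the check a defender would put in place. The table, user names and passwords are constructed for the example; the assumed defect is a lookup that wraps both fields in SQL `LIKE` wildcards, so empty strings match every row and the first user in the table wins. The hardened version rejects empty input before any lookup, matches the username exactly with a bound parameter, and compares a salted PBKDF2 hash in constant time.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts for the example; not real site data.
SAMPLE_USERS = [
    ("ambika", "correct-horse"),
    ("saroj", "battery-staple"),
]


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; what the hardened path stores and compares."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def build_db() -> sqlite3.Connection:
    """In-memory user table. pw_plain exists only to drive the hypothetical
    fail-open lookup below; a real store would keep just salt and hash."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, "
        "pw_hash BLOB, pw_plain TEXT)"
    )
    for name, password in SAMPLE_USERS:
        salt = os.urandom(16)
        db.execute(
            "INSERT INTO users VALUES (?, ?, ?, ?)",
            (name, salt, _hash_password(password, salt), password),
        )
    db.commit()
    return db


def login_fail_open(db: sqlite3.Connection, username: str, password: str):
    """Hypothetical defect (assumed, not taken from the thread): both fields are
    matched with LIKE wildcards, so '' becomes '%' and matches every row.
    Returns the username the caller would be logged in as, or None."""
    row = db.execute(
        "SELECT username FROM users WHERE username LIKE ? AND pw_plain LIKE ? "
        "ORDER BY rowid LIMIT 1",
        (f"%{username}%", f"%{password}%"),
    ).fetchone()
    return row[0] if row else None


def login_hardened(db: sqlite3.Connection, username: str, password: str):
    """Empty or whitespace-only credentials fail before any database access;
    the user is fetched by exact username; the hash check is constant-time."""
    if not username.strip() or not password:
        return None
    row = db.execute(
        "SELECT username, salt, pw_hash FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return None
    name, salt, stored_hash = row
    if hmac.compare_digest(stored_hash, _hash_password(password, salt)):
        return name
    return None


if __name__ == "__main__":
    conn = build_db()
    print("fail-open, blank creds ->", login_fail_open(conn, "", ""))
    print("hardened, blank creds  ->", login_hardened(conn, "", ""))
    print("hardened, valid creds  ->", login_hardened(conn, "ambika", "correct-horse"))
```

The detection side is the same check turned around: a login endpoint that ever returns a session for an empty username or empty password field is a finding in itself, regardless of which account it lands in, and a request log in which successful logins carry empty credential fields is worth alerting on.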

Shankar Pokharel

Jun 7, 2007, 3:15:44 AM
to NepS...@googlegroups.com
:)

Surmandal

Jun 10, 2007, 8:08:11 AM
to NepS...@googlegroups.com
Hi all,
I want to know: is this a mistake or not? If yes, then why did it happen at Nepal's most popular and largest e-commerce portal? I can log in easily to Ambika Pandey's account. I can check her address book too. Where is the customer privacy?

On 6/7/07, Shankar Pokharel <memsh...@gmail.com> wrote:

:)

On 6/7/07, Surmandal <surm...@gmail.com> wrote:
> Hi,
>    Try to login with blank username and password at munchha.com . It will
Message has been deleted

Trilok Acharya

Jun 10, 2007, 12:46:51 PM
to NepS...@googlegroups.com
Yup, this isn't the first time, but that's a mistake that could happen
when you have a lot of deadlines on your mind. The best thing to do is
to inform them and from next time, they might be more conscious of
making mistakes. In the meantime, don't trust Nepali e-commerce sites :P
Trilok

Bipin Gautam wrote:
> X-No-Archive:

Message has been deleted

Gaurav

Jun 12, 2007, 4:45:37 AM
to NepS...@googlegroups.com
Well, I don't think that the Nepalese e-comm sites might have such bright
brains, but why only think of this as a vulnerability? Can't it be a
honey-pot... as this isn't the first time, and before, the process
responded the same as now but with a different account of some Mr. Sharma, and ya,
I found one more item added today :p yesterday there were only two. I
don't wanna go further, but can someone try proceeding with steps 2 and 3?
:D I know that no one wants feds knocking on the door, but hey, nepcert's, I
think it's the time...

blackorama

nepbabu wrote:

> Customer's privacy is important. In fact very, very important. But before writing to a public mailing list,
> you should have informed the company. And if you are not sure how they may react, you should have informed them via some form of different account email. The steps should somewhat cover how you can log in without use of a password and what could possibly be done to avoid such a leak of privacy.
>
> Believe me, there are a lot of people trying to do a white hat style
> break-in but they do not have the right to do so. Unless again you point it out to
> them before you do the break-in to their website, this is considered a
> breach of security.
>
> Anyway just my .02
>
> Cheers.
