Search - "security black hole"
So our public transportation company started to sell tickets online with their brand new fancy system.
• You can buy tickets and passes for the price you want
• Passwords are in plaintext
• Communication is through HTTP
• Login state is checked before the password match so you can basically view who is online
• Email password reminder's security code can be read from the server's response
Oh and I almost forgot admin credentials are FUCKING admin/admin
Who in the fucking name of all gods can commit such idiocracy with a system that would be used by almost millions of people. I hope you will burn in programming hell. Or even worse...
I'm glad I have a car and don't have to use that security black hole.

fucking hostgator!
go suck a cock you developers!
everything from their payment system to their support is crap.
a few days ago, i purchased a website from hostgator, with a year of hosting during black friday weekend. i had obtained a black friday coupon code that entitled me to roughly $160 off its usual price. that said, i filled out the registration form and clicked the 'checkout' button.
right after i clicked it, i saw i forgot to put in the coupon code, and pressed the back button on my browser. then i put in the code and proceeded with checkout.
guess what?
those MOTHERFUCKING GREEDY ASS BITCHES charged me TWICE, one with the coupon and one without.
i contacted customer support and told them what happened after waiting about double the time i was supposed to be connected to support.
of course, they asked for my fucking "security" pin over the customer support live chat (totally not ironic).
they sent a confirmation email, and cancelled the payment without the coupon.
then ONE FUCKING DAY LATER, I tried to connect to my website.
MY SITE WAS FUCKING SUSPENDED.
die in a hole.
i contacted customer support once more, and after explaining the story, I had to wait four to eight hours.
i'll see how it turns out tomorrow.
die in a hole hostgator🖕

Just found the most embarrassing security hole. Basically a skeleton key to millions of user data. Names, email addresses, zip codes, orders. If the email indicates a birthdate, even more shit if you chain another vector. Basically an order id / hash pair that should allow users to enter data AND SHOULD ONLY AUTHORIZE THEM TO THE SITE FOR ENTERING DATA. Well, what happened was that a non-matching hash/id pair will not provide an auth token but it will create a session linked to that order.
Long story short, call url 1 enter the foreign ID, get an error, access order overview site, profit. Obviously a big fucking problem and I still had to run directly to our CEO to get it prioritized because product management thought a style update would be more important.
Oh, and of course the IDs are counted upwards. Making them random would be too unfair towards the poor black hats out there.
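
The flaw described in the post above, shown beside a corrected form as an added example (not code from the post or from the affected system). The handler names, the HMAC-based hash, the dict-based session and the sample orders are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-key"           # constructed for this example
ORDERS = {                                  # constructed sample data
    1001: {"email": "alice@example.test", "zip": "10115"},
    1002: {"email": "bob@example.test", "zip": "80331"},
}

def order_hash(order_id):
    """Hash the site would send to the customer together with the order id."""
    return hmac.new(SECRET, str(order_id).encode(), hashlib.sha256).hexdigest()

def enter_vulnerable(session, order_id, supplied_hash):
    # Flaw from the post: the session is linked to the order BEFORE the check.
    session["order_id"] = order_id
    if not hmac.compare_digest(order_hash(order_id), supplied_hash):
        return {"error": "invalid link"}    # no token, but the link remains
    session["token"] = secrets.token_hex(16)
    return {"ok": True}

def overview_vulnerable(session):
    # Trusts the order link alone and never asks for the auth token.
    return ORDERS.get(session.get("order_id"))

def enter_fixed(session, order_id, supplied_hash):
    session.clear()                         # drop any earlier binding first
    if not hmac.compare_digest(order_hash(order_id), supplied_hash):
        return {"error": "invalid link"}    # session stays empty on failure
    session.update(order_id=order_id, token=secrets.token_hex(16))
    return {"ok": True}

def overview_fixed(session):
    # Every order page requires the token issued by a successful check.
    if "token" not in session:
        return None
    return ORDERS.get(session["order_id"])

def new_order_ref():
    # Unguessable public reference instead of an upward-counting id.
    return secrets.token_urlsafe(16)
```
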