Rogers Phone Finder - What happens if you only learn jQuery (rogersphonefinder.com)
Check out: https://www.rogersphonefinder.com/javascripts/conf.js https://www.rogersphonefinder.com/javascripts/fq.js
and you can bypass all the business logic, including checking someone's location I think.
Did I mention that they store your password in plaintext in a cookie? #facepalm
The plain-text password in the cookie seems to be its huge flaw, but I don't see the problem with the fact that you can circumvent the JavaScript as long as business rules are still validated on the server side.
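
The two points raised in the thread (keep the password out of the cookie, enforce the business rules on the server) shown as an added example; it is not part of the thread and not the site's code. The in-memory user store, the `sid` cookie name and the phone numbers are constructed assumptions.

```javascript
// Added example (Node.js). All names and sample data are constructed.
const nodeCrypto = require('node:crypto');

const users = new Map();    // username -> { salt, hash, phones }
const sessions = new Map(); // opaque token -> { name, expires }

function hashPassword(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

function addUser(name, password, phones) {
  const salt = nodeCrypto.randomBytes(16);
  users.set(name, { salt, hash: hashPassword(password, salt), phones: new Set(phones) });
}

// Verify the password on the server and hand back only a random token.
// The password itself never appears in the Set-Cookie value.
function login(name, password) {
  const u = users.get(name);
  if (!u || !nodeCrypto.timingSafeEqual(u.hash, hashPassword(password, u.salt))) return null;
  const token = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(token, { name, expires: Date.now() + 30 * 60 * 1000 });
  return `sid=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=1800`;
}

// Resolve the Cookie request header to a user name, or null if no live session.
function sessionUser(cookieHeader) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  const s = m && sessions.get(m[1]);
  if (!s || s.expires < Date.now()) return null;
  return s.name;
}

// The business rule lives here, not in client-side script: a caller may only
// request the location of a phone registered to their own account.
function authorizeLocate(cookieHeader, phone) {
  const name = sessionUser(cookieHeader);
  if (!name) return { status: 401 };
  if (!users.get(name).phones.has(phone)) return { status: 403 };
  return { status: 200 };
}

addUser('alice', 'correct horse battery', ['555-0100']); // constructed account
```

Whatever the browser-side script does or skips, a request reaches the location lookup only through `authorizeLocate`, and the cookie carries nothing an attacker could reuse as a password.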