Sites that store plain text passwords
These are the sites that I or my friends came across where passwords are stored as plain text. How do I know? Reset your password and you get your original password in the mail.
I will be updating this list regularly. If you want any sites added, please post them in the comments section and I will review and add them.
- https://www.balglobal.com
- http://www.geico.com
- http://www.victoriassecret.com/
Dynamic content in static html page
Today we encountered a problem where we had to put dynamic content on a static HTML page, an error page, served by a simple web server (without any server-side code). The usual way to do this is with server-side code, like PHP, but here we are allowed to use only a static HTML page for many reasons. The solution we found is to use the hash in the URL to pass the dynamic content and use client-side JavaScript to render it.
Example:
URL: http://test.com/403.html#123
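Client-side JavaScript:
window.onload = function () {
  // The hash can be set by whoever builds the link, so write it as text, not HTML.
  // slice(1) drops the leading '#'.
  document.getElementById('errorcode').textContent = document.location.hash.slice(1);
};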
You can use client side templating technology like dust.js to render more complex content.
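A hardened version of the handler above, as an added example that is not part of the original post: anyone can craft a link with an arbitrary fragment, so it validates the hash before rendering and writes it with textContent. The 1-10 digit code format and the fallback text are assumptions; the element id "errorcode" comes from the post.

```javascript
// Added example. Assumptions: the fragment is a numeric code of 1-10 digits,
// and the page has an element with id "errorcode" (as in the post).
const CODE_PATTERN = /^[0-9]{1,10}$/;
const FALLBACK_TEXT = 'unknown';

// Extract a validated code from a location.hash value; null if it does not match.
function parseErrorCode(hash) {
  if (typeof hash !== 'string' || hash.length > 64) return null;
  let raw = hash.charAt(0) === '#' ? hash.slice(1) : hash;
  try {
    raw = decodeURIComponent(raw); // the browser may have percent-encoded it
  } catch (e) {
    return null; // malformed %-escape
  }
  return CODE_PATTERN.test(raw) ? raw : null;
}

// Write the code into the page as text. textContent never parses markup,
// so even a value that slipped past validation could not become HTML.
function renderErrorCode(doc, hash) {
  const target = doc.getElementById('errorcode');
  if (!target) return null;
  const code = parseErrorCode(hash);
  target.textContent = code === null ? FALLBACK_TEXT : code;
  return target.textContent;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const update = () => renderErrorCode(document, window.location.hash);
  window.addEventListener('load', update);
  window.addEventListener('hashchange', update);
}
```

The same validation step applies before handing the value to a client-side template.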
Using curl with kerberos
Use kinit to initialize Kerberos with your credentials
» kinit
Please enter the password for kramasam@******:
Check whether you have an active ticket
» klist
Use curl with the following options:
curl --negotiate -u:
Example:
» curl --negotiate -u: http://example.com/secure