- Status
saqib_khan
I M A *STAR*
u made it very complicated
victor_rambo
हॉर्न ओके प्लीज़
You guys forgot to change the logo in the forum. It still shows the old logo!
*www.thinkdigit.com/forum/images/ca_evo2/misc/logo.gif
*www.thinkdigit.com/images/logo.gif
*www.thinkdigit.com/forum/images/ca_evo2/misc/logo.gif
*www.thinkdigit.com/images/logo.gif
A
ankitsagwekar
Guest
home page is good but what about forum ?
victor_rambo
हॉर्न ओके प्लीज़
^R u guyz using Opera?
1. There seems some problem because of which you cannot sign-in using Opera.
2. english has been way too sloppy at some places.
3. While subscribing for newsletters, the email address is not confirmed by sending any confirmation email.
4. The welcome letter which is sent after you subscribe has horrible english:
-Spelling of completed is wrong
-thinkdigit has been written so loosely. Doesn't feel like a brand!
5. No email confirmation is sent on registration. Directly a welcome email is sent.
6. In password retrieval, the email sent with the updated password has a typo in its subject line
7. There is SO MUCH inconsistency over teh word "thinkdigit" that sometimes I find it written as "thinkdigit", or sometimes "ThinkDigit" or sometimes "www.thinkdigit.com"
1. There seems some problem because of which you cannot sign-in using Opera.
2. english has been way too sloppy at some places.
3. While subscribing for newsletters, the email address is not confirmed by sending any confirmation email.
4. The welcome letter which is sent after you subscribe has horrible english:
-No comma after Hello Rohan.
-Spelling of completed is wrong
-thinkdigit has been written so loosely. Doesn't feel like a brand!
5. No email confirmation is sent on registration. Directly a welcome email is sent.
English is horrible!
6. In password retrieval, the email sent with the updated password has a typo in its subject line
7. There is SO MUCH inconsistency over teh word "thinkdigit" that sometimes I find it written as "thinkdigit", or sometimes "ThinkDigit" or sometimes "www.thinkdigit.com"
Last edited:
victor_rambo
हॉर्न ओके प्लीज़
^Continued
8. Logging out of the ThinkDigit site also logs out from the thinkdigit forum.
8. Logging out of the ThinkDigit site also logs out from the thinkdigit forum.
DigitalDude
PhotonAttack
@rohan
good find bro
_
good find bro
_
Last edited:
victor_rambo
हॉर्न ओके प्लीज़
^I have found other security holes too.
TO DIGIT: I DID NOT EXPECT YOU TO HIRE SUCH SLOPPY WEB PROGRAMMERS.
Poor show indus guys!
They claim their website to be XHTML valid whereas it is has 12 errors.
The "Edit Profile" page is accessible even if the user is not logged in.
*www.thinkdigit.com/editprofile.php
Even if enter any random details and submit the form, it returns a "successfully edited profile". lol
These indus technologies guyz claim to be "Premier Internet Consultancy" firms. You can be assured that they are "Fools of First Order" because their code has such great blunders that I was shocked to see that they have been in the business for some "10 Years". I will soon go through their portfolios if they have offered such sloppy services to other websites too.
TO DIGIT: I DID NOT EXPECT YOU TO HIRE SUCH SLOPPY WEB PROGRAMMERS.
Poor show indus guys!
They claim their website to be XHTML valid whereas it is has 12 errors.
The "Edit Profile" page is accessible even if the user is not logged in.
*www.thinkdigit.com/editprofile.php
Even if enter any random details and submit the form, it returns a "successfully edited profile". lol
Last edited:
DigitalDude
PhotonAttack
^^^^
LOL...
there are a TON of companies like that... mostly because people who hire them know not much about the job in hand and people who visit the websites also dont care unless they are gonna enter their credit card number
_
LOL...
there are a TON of companies like that... mostly because people who hire them know not much about the job in hand
and people who visit the websites also dont care unless they are gonna enter their credit card number _
victor_rambo
हॉर्न ओके प्लीज़
^Ya, I know, India is especially known for "cheap" outsourcing. May be these Indus guyz are one of those flocks!
But still I didn't expect such a thing from digit.
But still I didn't expect such a thing from digit.
victor_rambo
हॉर्न ओके प्लीज़
One more security risk:
Full path disclosure:
Full path disclosure:
DigitalDude
PhotonAttack
^^^
is it that big a risk ?
most of the php errors throw up similar kinda statements with full paths
db and file read errors are most common
and btw since the session itself is not getting initialised no one can login
expert php programmers
_
is it that big a risk ?
most of the php errors throw up similar kinda statements with full paths
db and file read errors are most common
and btw since the session itself is not getting initialised no one can login
expert php programmers
_
victor_rambo
हॉर्न ओके प्लीज़
^
*www.owasp.org/index.php/Full_Path_Disclosure
It may not be highly risky, but it does pose a thread
*www.owasp.org/index.php/Full_Path_Disclosure
It may not be highly risky, but it does pose a thread
DigitalDude
PhotonAttack
^^thx for the link
btw now only noticed we can change the color scheme of the website - Red, Blue, Green, Orange.. by logging in and going to the profile page
_
btw now only noticed we can change the color scheme of the website - Red, Blue, Green, Orange.. by logging in and going to the profile page
_
victor_rambo
हॉर्न ओके प्लीज़
yaa........u can change color........but its stored the selection in a session cookie. So as soon as you log out, you will have the default maroon-red scheme.
- Status