Mtnonline.com XSSed

Date: November 25, 2009, 07:48 AM
Cactus (m)
Mtnonline.com XSSed
« on: September 03, 2009, 08:13 AM »

So I was reading the job/vacancy board. Then saw a thread about MTN openings. Of course I had to look at it. So the poster gave a link to the site, which was not complete, so the easiest thing was to go back to mtnonline.com and click through to their career section.

I clicked the career menu, then I SCREAMED arghhhhhhhhhhhhhhhhhhhhh. FML. An alert popped up about script injection. So, I dug through several pages of the career section; basically that section of their site is messed up. Then I noticed a couple of other things:

1. mtnonline is built on the .NET Framework
2. the career section = asp
3. by some magical reason, there are sooooooo many nested or deep-rooted tr and td
4. the main link to the career page, which is http://www.mtnonline.com/careers/login.asp (click at your own risk), I believe is actually fake, because look at the text above the email: not proper grammar, and the password is not masked. So I guess this was the page code that was either partially replaced or totally reconstructed. If mtnonline actually did this page like that, FML.

So, I put together what I found with a screenshot and sent it to them, and hopefully they will pull it down and fix it asap.

Afam (m)
Re: Mtnonline.com XSSed
« #1 on: September 03, 2009, 08:59 AM »

These companies and their websites with so many errors.

Sent an email to UBA on my inability to access the Udirect website as the login button doesn't work, have been trying since last week. They responded and confirmed that the address was ok.

I normally use Chrome or Firefox and have been trying to login without any luck. Then it occurred to me it might be a browser compatibility problem and I then fired up IE8 that I have but rarely use and the application worked just fine.

I sent a reply telling them that the application worked when I used IE and made it clear that for a bank it is poor style to have a major application working in a particular browser and not all or most of the browsers out there.

Cactus (m)
Re: Mtnonline.com XSSed
« #2 on: September 03, 2009, 09:17 AM »

I really don't get why people don't get it.

No need to do cheap stuff. Pay the money and get a great application. No shortcuts. Do it clean and straight really.

I posted an article some time back about a factory having problems. Trying to solve it in-house, they could not, and they ended up calling a consultant. And I think the consultant charged 5000$. And the factory manager asked, why have you charged me so much just to tell me what and where the problem is? And the consultant replied, well, 500$ or so to show you the problem and the remaining because I know what to do. Something like that.

Spend the money, geez. Makes everyone happy; customers will be happy and will always come back if they don't experience problems and would likely recommend others to visit. gush

yawa-ti-de (f)
Re: Mtnonline.com XSSed
« #3 on: September 03, 2009, 10:46 AM »

Yep, I might be expensive but it is worth the peace of mind knowing that you are getting a quality product from me and that quality is not compromised  Cool

Seriously though, I thought stuff like this was a result of cheap clients.  Yesterday, we heard from someone who paid millions for service they didn't even get.  That tells me that our clients (some anyway) in Nigeria need an education on how the web works.  In other words, they shouldn't just take it at face value that when they want a website, they will get what they paid for.

Clients should:
1) Get involved in testing to ensure that they are actually getting what they paid for. 

2) Have a contract specifying damages a "webmaster" would pay if they get so many errors (for example say, bugs should not be more than 10% post-launch, which is usually 30 days after the site goes live).

3) Clients should withhold final payment until that say, 30 day threshold has expired, deducting a percentage for each day bugs are not fixed.

Yep, professionalism comes at a price and I am willing to go for months without doing a single job to drive that point home  Grin
Nairaland is owned by Oluwaseun Osewa. See also: Nairalist Classified Ads