StaySafe COVID19 Tracker hacked, Admin access obtained with all user data

Jack_Sparrow

    This looks like something Helakuru proposed and then built..

    No idea how the backend actually is, though :D

    Being open source doesn't risk its security if it is developed correctly.

    Absolutely correct :) When you know your code is in public and the whole world can see it, naturally you will be much more careful, with proper code and security reviews.
     

    Error365!

    99% of them think that once they've knocked up a front end, knocked up a backend and stuck a login page on it, the job is done.

    Ugh, I don't know, man, software development in Sri Lanka.

    Knowing what information security is, is a must for a developer. But most of them haven't even heard of it. So where would they implement it?
     

    EON

    I get that. Even developed countries don't have a universal QR system, whereas SL does, so instead of assisting the process you guys are bit**hing.

    You're talking rubbish. This isn't some charity service for us to assist with. Then what are the ICTA lot paid salaries for? They draw the pay, and people out here who have nothing to do with it are supposed to patch up their shortcomings? What a joke.

    That's what competition means. If other countries in the world can do it, and you can go on radio channels making grand claims that our tracking software is best in class, dead secure, not one piece of data will ever leak, then you have to face things like this too.

    There are real guys out there with a hundred thousand times the talent of the ones sitting in places like ICTA. The only problem is they won't go around kissing arse the way the ICTA crowd do. That's why they're on the outside. When the arse-kissers go and do it, this kind of utterly stupid work is what you get.

    For example, if this had happened in the UK, the ones who built it would have been fired by now.. Don't know if you've ever heard of a thing called GDPR. Go look it up and you'll understand.

    When you mention a data breach, the folks at UK IT companies just about soil themselves. Because what comes to their minds straight away is the lawsuit and everything else that follows.
     

    EON

    You're completely mad. You're the one who built that, aren't you?

    Seriously, man. That's what I said. Either this guy is one of the crew that built it, or one of the ones who built it is his mate. Otherwise would he keep spouting nonsense with their fault staring him in the face, man?
     

    TNHM

    This isn't something ICTA did. It was done by a company called Barracuda. It's something they've been building since June. They built it to sell. Later they gave it to ICTA. Lots of companies in Sri Lanka are like that. No security. No DB relationships. No throttling. Not even the most basic things a simple framework gives you. Because, to show off that "we didn't use a framework", they do everything by hand. Or else, saying "PHP is rubbish, Laravel is rubbish", they do Java to show off. In the end the guys hired for a PHP developer post are doing Java, and the result is like this.

    You don't need much: the IDs of their shops are auto-increment. Without any effort you can scrape the details of every shop. No throttling.

    Speaking from experience.

    Talking is pointless.
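The two weaknesses TNHM names, auto-increment shop IDs exposed to the client and no throttling, are enough on their own to let anyone walk the whole table. The block below is an added illustration, not code from the StaySafe app, from Barracuda or from anyone in this thread: a toy in-memory "shop table" with constructed sample rows, a scraper that just counts upward through the ID space, and the two fixes that stop it, opaque random identifiers and a per-client token-bucket limiter standing in for an HTTP 429. All names, phone numbers and the client address are made up for the example.

```python
import secrets
import time

# Constructed sample rows standing in for the shop table the post describes:
# an auto-increment primary key exposed directly to the client, no throttling.
SHOPS_BY_SEQ_ID = {
    1: {"name": "Shop A", "owner_phone": "0770000001"},
    2: {"name": "Shop B", "owner_phone": "0770000002"},
    3: {"name": "Shop C", "owner_phone": "0770000003"},
}


def scrape_sequential(lookup, upper_bound):
    """Walk IDs 1..upper_bound and collect every record that comes back.

    With an auto-increment key the attacker needs no prior knowledge of any
    ID: the keyspace is small and contiguous, so a plain loop finds all rows.
    `lookup` returns a record or None (None also stands in for a 404 or 429).
    """
    found = {}
    for shop_id in range(1, upper_bound + 1):
        record = lookup(shop_id)
        if record is not None:
            found[shop_id] = record
    return found


def rekey_with_opaque_ids(records):
    """Return the same records keyed by random 128-bit URL-safe tokens.

    Knowing one token says nothing about the others, so the loop above
    degenerates into guessing in a 2**128 space instead of counting 1..N.
    """
    return {secrets.token_urlsafe(16): rec for rec in records.values()}


class TokenBucket:
    """Per-client token bucket: `burst` requests immediately, then `rate`
    requests/second sustained. `clock` is injectable so tests need not sleep."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = float(rate)
        self.burst = float(burst)
        self.clock = clock
        self._state = {}  # client -> (tokens_left, last_seen)

    def allow(self, client):
        now = self.clock()
        tokens, last = self._state.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._state[client] = (tokens - 1.0, now)
            return True
        self._state[client] = (tokens, now)
        return False


def throttled_lookup(store, limiter, client):
    """Wrap a dict lookup so every call first spends one of `client`'s tokens."""
    def lookup(key):
        if not limiter.allow(client):
            return None  # what the server would answer with HTTP 429
        return store.get(key)
    return lookup


def demo():
    """Run the three scenarios and return how many rows each one leaks."""
    leaked_plain = scrape_sequential(SHOPS_BY_SEQ_ID.get, 10)

    opaque = rekey_with_opaque_ids(SHOPS_BY_SEQ_ID)
    leaked_opaque = scrape_sequential(opaque.get, 10)

    # Frozen clock: nothing refills during the scrape, so only the burst gets through.
    limiter = TokenBucket(rate=1, burst=2, clock=lambda: 0.0)
    leaked_throttled = scrape_sequential(
        throttled_lookup(SHOPS_BY_SEQ_ID, limiter, client="203.0.113.7"), 10
    )

    return {
        "sequential_unthrottled": len(leaked_plain),
        "opaque_ids": len(leaked_opaque),
        "sequential_throttled": len(leaked_throttled),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` leaks all three rows in the first scenario, none in the second and only the burst allowance in the third. The limiter only caps how fast rows leak (a patient attacker spreading requests over many source addresses still gets everything), while the opaque identifier is what removes the enumerability. Both belong on any endpoint that returns per-record details, and neither replaces an actual authorization check on the record being requested.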
     

    Solo Rider

    If being open source is a reason for lack of security, then the whole world is doomed :lol:

    My bad, what I meant was some random code base without any update after the initial submit, not something like the Android OS project with plenty of community support :baffled:

    It's literally open source, not "open source" in name only 🙄
     

    Lakshan-Seram

    For payment cases, whatever the client says, it's better to write the API in a server-side scripting language... In one built by a big Sri Lankan company for the Sri Lankan government, when you make a payment, the payment spinner keeps spinning until a 35 MB JavaScript bundle downloads... Now they're crying that the way it was built isn't right..
    Oh, you curl it? :oo:
    Normally, separating it out that way is the way to do it. It's only when some public API doesn't allow it that way that you go via the server.

    Here, I somehow managed to get a scene like this:

    [attached screenshot: Untitled.gif]

    The green-coloured price there is the one we fetch from the API.

    [attached screenshot]

    Competitor:

    [attached screenshot]

    Something like that.
     

    Jack_Sparrow

    You're talking rubbish. This isn't some charity service for us to assist with. Then what are the ICTA lot paid salaries for? They draw the pay, and people out here who have nothing to do with it are supposed to patch up their shortcomings? What a joke.

    That's what competition means. If other countries in the world can do it, and you can go on radio channels making grand claims that our tracking software is best in class, dead secure, not one piece of data will ever leak, then you have to face things like this too.

    There are real guys out there with a hundred thousand times the talent of the ones sitting in places like ICTA. The only problem is they won't go around kissing arse the way the ICTA crowd do. That's why they're on the outside. When the arse-kissers go and do it, this kind of utterly stupid work is what you get.

    For example, if this had happened in the UK, the ones who built it would have been fired by now.. Don't know if you've ever heard of a thing called GDPR. Go look it up and you'll understand.

    When you mention a data breach, the folks at UK IT companies just about soil themselves. Because what comes to their minds straight away is the lawsuit and everything else that follows.

    Well said. What GDPR for this lot :) Boy, the folks at companies with a European customer base know how much hassle it was over the past while to get GDPR in place :P What I say is, this is a big failure on the part of the ones who implemented it; they definitely need to give a statement on this. If they can't pay for a security scan, at least run OWASP ZAP; at the very least they could search the names that come up in the report and learn something.
     

    හෙළයෙක්

    Here, I somehow managed to get a scene like this:

    [attached screenshot]

    The green-coloured price there is the one we fetch from the API.

    [attached screenshot]

    Competitor:

    [attached screenshot]

    Something like that.
    Nice, nice. Using WS you can make all of that efficient without much load. But if there's no such requirement, don't bother too much either.

    Well said. What GDPR for this lot :) Boy, the folks at companies with a European customer base know how much hassle it was over the past while to get GDPR in place :P What I say is, this is a big failure on the part of the ones who implemented it; they definitely need to give a statement on this. If they can't pay for a security scan, at least run OWASP ZAP; at the very least they could search the names that come up in the report and learn something.
    If this had happened in another country, this would be the biggest news story by now.
    This is a line from an article I read:
    "Until you lose your privacy, you have no idea what losing your privacy means."
     

    Lakshan-Seram

    Are you sending one request per product to get the price, man? That's fucking inefficient, isn't it, man.

    You'll have to build an API that fetches bulk data, with pagination.
    There's no per-row request there, man. One item has child items in the rows.

    In the DB there are ~150,000 child items in total, but only ~7,000 items.

    When you call the API for a parent item, you can get its child items.

    We can't do anything about their API, man. That's the situation.

    What can be fetched from the API is only the per-parent details.

    I'm not 100% satisfied with how this works. Just seeing whether there are other ideas.

    Nice, nice. Using WS you can make all of that efficient without much load. But if there's no such requirement, don't bother too much either.

    Explain a bit, man.
     

    Mr.Thor

    There's no per-row request there, man. One item has child items in the rows.

    In the DB there are ~150,000 child items in total, but only ~7,000 items.

    When you call the API for a parent item, you can get its child items.

    We can't do anything about their API, man. That's the situation.

    What can be fetched from the API is only the per-parent details.

    I'm not 100% satisfied with how this works. Just seeing whether there are other ideas.

    Explain a bit, man.
    Isn't that a customer-facing app? Why, man, are megabytes of data coming to the front end?
    Can't give a suggestion, man, without looking at the whole architecture.
     

    Lakshan-Seram

    Isn't that a customer-facing app? Why, man, are megabytes of data coming to the front end?
    Can't give a suggestion, man, without looking at the whole architecture.

    It is for customers, man. This is a fairly big setup.

    1. The customer registers with a paid subscription.
    2. The guy gets a mobile app.
    3. He uses the app to add product items (methods like barcode scanning).
    4. After that they go into his inventory.
    5. If 5 people have entered the same item details, it auto-approves and the product goes into the product database; that's how the DB grows.

    6. The admin login is a normal login. The user login is OAuth.

    The admin case and the app case are all done. What's left now is the part where the user manages inventory from the web.

    The problem is fetching the product data from the API. Can't even put a caching layer on this because real-time data is needed. Whatever we do, man, we have to fetch the data from the API to show it in the list.

    The megabytes of data go because product images load from a third-party site (the API owner); that's not a problem. This is for Europeans; data size isn't a problem for them.

    What I want is a better method than this for this bloody API.

    Say there are 100 products in a list. How do you call the API to fetch the current bid on all 100 live? That's the question :)
     

    Pinkbc

    You're talking rubbish. This isn't some charity service for us to assist with. Then what are the ICTA lot paid salaries for? They draw the pay, and people out here who have nothing to do with it are supposed to patch up their shortcomings? What a joke.

    That's what competition means. If other countries in the world can do it, and you can go on radio channels making grand claims that our tracking software is best in class, dead secure, not one piece of data will ever leak, then you have to face things like this too.

    There are real guys out there with a hundred thousand times the talent of the ones sitting in places like ICTA. The only problem is they won't go around kissing arse the way the ICTA crowd do. That's why they're on the outside. When the arse-kissers go and do it, this kind of utterly stupid work is what you get.

    For example, if this had happened in the UK, the ones who built it would have been fired by now.. Don't know if you've ever heard of a thing called GDPR. Go look it up and you'll understand.

    When you mention a data breach, the folks at UK IT companies just about soil themselves. Because what comes to their minds straight away is the lawsuit and everything else that follows.

    True.

    Some of the provisions included in GDPR:

    This applies to any company or institution, whether government or private, that collects/uses/shares your personal data.

    1. Data breach notification - if a data breach occurs, the organisation must notify the authorities within 72 hours.

    In simple terms, a data breach is unauthorized access to your sensitive data (credit card numbers, mobile numbers, locations) by penetrating the organisation's security controls.

    2. Creation of a centralised data protection authority (in Sri Lanka we don't have such a thing).

    3. Individuals can access their own data.

    4. Individuals have the ability to transfer their personal information between service providers.

    5. Right to be forgotten - people can have their own data deleted if it's no longer needed.
     