It’s freezing cold outside, and a few of us were still at the office in the late hours, testing our research appetite. Stomachs were making some nasty noises, so we thought of having some pizza. Most of us like PizzaHut, and it was soon decided to order from there. One of us wanted to make the pizza selection on the PizzaHut website and rushed to his computer. The moment the PizzaHut website loaded in the browser, we all crowded around his screen. Either the website wanted to teach us SQL queries, or it was badly messed up.
The website’s landing page loaded with exceptions that disclosed file paths and session data, and the next page was full of SQL queries. It was a big surprise for us to see this, as last year PizzaHut’s competitor Dominos made the headlines for a serious security breach that leaked customer data, including customers’ names, contact details, passwords, and what not.
The lame error messages popping up in the browser suggest that not even basic security measures are applied on the PizzaHut website, and we didn’t feel the need to try any harder to conclude this. PizzaHut should have treated the Dominos news as a lesson, but it appears to be waiting for some big news of its own, like its peer. Hackers have been targeting such public portals to steal customer data and use it later for malicious activities. Below are the screenshots of the errors on the PizzaHut website, and we were certain that the rest of the site’s pages would be flooded with similar problems. Forget about security testing; we can’t even imagine proper quality testing having been done, looking at such error messages! As a responsible company, a communication has been sent to the PizzaHut India Twitter account. Empty stomachs can’t spend time searching for official email addresses online. Hope the message gets forwarded to their IT.
OOPS! We got our pizza delivered. Thank you PizzaHut, you really took care of us on this crazy cold night 🙂