How publicly released exploits helped WorkSimple

[Photo by Honza Soukup]

A couple years back when I released WorkSimple, my PHP knowledge was very limited. I went through a couple versions of WorkSimple adding features and such but without thinking of security. Then, about a year and a half ago, I came upon a zero-day exploit site [1][2] site. On the site, it chronicled the current exploits in WorkSimple. Now, of course I acted quickly and fixed the problems. At first, I was offended by this. Then, I realized the helping hand it had lent me. Not only did these sites show how one could use the exploit, but also how to fix it. The user login system used MD5 hashed passowords in a specified [plain text] file in a specified place. After, the hashes were salted and in a .php file as not to display the contents.