Quote from crundy on December 1, 2011, 22:40
Oh wow, so the whole thing was just a "security through obscurity" excercise and the application form was just sitting there as a static page all along? They didn't even bother to make the last step release a key which gets verified by the server before displaying the "congrats" page? Honestly, if this is this country's idea of security then we're all screwed.
I'm gonna see if the app form is vulnerable to a SQL injection exploit just to get my own back.
what makes you think they were trying to hide the page? lets see how far you get when you put on the application form: 'i just googled for the answer'