Lootlo.PK Aims to Bring Discounted Deal to Internet Users of Pakistan

Lootlo

Shopping has become as easy as can be with online shopping and as affordable as can be with discounts offered online.

Launched in July 2013, Lootlo.pk – a groupin of Pakistani kind – is one such venture that allows people to benefit from discounts with online shopping. 

This online portal allows customers to buy products or avail services with just a click of a button at massive discounts starting at 50% and going up to a whopping 90%.

It’s as simple as logging on, seeing a deal you like and ordering it. The deals offered include restaurants, spas, saloons, clothing and accessories among other things. The product, or in the case of services or experiences, a voucher, is delivered to the doorstep.

Payment is always made on delivery eliminating any fears of being swindled.

Lootlo.pk features daily market-focused deals on things to do, eat and buy. It is an easy and fun way to get deals on products, services and great experiences. Customers of lootlo.pk get to try new experiences at unbeatable prices.

This venture offers businesses a great way to acquire hundreds of new customers through the power of collective group buying. Discounts are made possible when a certain number of people place an order to avail a deal. This way, customers enjoy massive discounts while the seller can still benefit from bulk sales.

Starting with Karachi, Lootlo.pk is now expanding and is likely to start operations in other cities of Pakistan, very soon.


  • MMMTheHacker

    oops!!!

    • Shahid Saleem

      Yawn, boring, another PHP site with holes.

      It just makes no sense to me. How hard is it to do

      $s = $sqli->prepare(“select whatever from table where thing = ?”);
      $s->bind_param(“i”, $something);
      $s->execute();

      People get all upset and assume I have insulted their parents when I say “PHP site, no wonder it is hacked”. But look at the above three lines. Is it really so hard to do? And yet hundreds of sites are probably hacked every day that are written in PHP, far more than the ones written in safer languages like Ruby or Python or Java or even JavaScript (node).

      What is it about PHP developers that makes them write bad code? Is it the language? Is it the developers? Libraries? Frameworks? What is it that makes PHP a huge black hole of stupidity?

      • MMMTheHacker

        The language is not to blame, it’s the developers that should be blamed. Almost all languages get security updates frequently but the developers are just too lazy to update their site. And this doesn’t even look like a shopping site. It looks more like a blog of some stupid kind. No language, no site, no server, nothing is secure. “Security is just an illusion”

        • Shahid Saleem

          Secure or no, the culture around PHP is what ruins it. Bad libraries, bad examples, bad documentation.

          Just say No to PHP.

          • Khurram ShahzAd

            Above you are telling how to securilly get a parameter in PHP and then now you are saying anything related to PHP is insecure.

            You don’t have an idea man, You are talking about most used sever side scripting language of today.

            • Shahid Saleem

              Man, it’s like you can’t focus on the big picture. You must live on an island, where you generate all your electricity, produce all your tv shows, slaughter all your animals, raise all your fruits. No?

              Welcome to the real world. No matter how well you fix YOUR OWN PHP CODE, you can do very little for the code other people write.

              If you want to set up a CMS or blog and you want to use PHP (for whatever reason), what will you do?

              1. write the entire CMS or blog software from scratch?
              2. use joomla or wordpress or drupal or something like that?

              You will of course do #2. And there you’ve just shot yourself in the foot because ALL of the above, EVERY SINGLE ONE OF THEM, have been audited and found several security holes in them. EVERY YEAR SEVERAL ARE FOUND. And this is the core codebase, not the third-party extensions. They’re even worse quality.

              So, really, I must conclude that you have no idea what you’re talking about. Maybe no one will hack your sites today, or even in the next couple of years, but one day your decision to use PHP will bite you BADLY.

              • TheThing

                hahaha why you have problem with everyone, every thing.. you think you are the only one living on planet who knows everything and absolutely perfect. If so, please die or kill yourself. tumhain wakei koi mental issue hai .. People do whatever they like who are you..?

                • Shahid Saleem

                  The funny thing is, I sleep in peace knowing my work will never be hacked. PHP devs sleep in peace because of their ignorance. Ignorance is bliss, nothing I do or say can convince them or you to open minds to the possiblity that thare ARE better ways to do things.

                  • MMMTheHacker

                    You sleep in peace because you think that your work will “NEVR GET HACKED” ? Hackers wake up with confidence that they can hack anybody’s work. Seriously bro wake up before it’s too late.

                    • Shahid Saleem

                      When you have had sites with 1000+ daily visitors online for eight years without a single successful hack (and many many attempts every month), then yes, you sleep soundly. Or rather, I do.

                    • MMMTheHacker

                      Well can you tell me that among those attempts how many of them were actually very critical? Or who performed them? Perhaps you can’t answer my second question because you don’t know who was behind them. If you really want to check your site’s security then put up a bounty and ask raffay baloch (security researcher who found vulnerabilities in PayPal bounty program and was offered a job at PayPal) to check your super secure site.

                    • Shahid Saleem

                      Thank you for the suggestion.

                    • Khurram ShahzAd

                      So please act on it and tell us about it.

                  • Khurram ShahzAd

                    Nothing is perfect in this world my friend. If you think your code is most secure, then here is the news flash, even Google and other big orgs can’t claim their systems are hack proof or attack proof. YOu have to get your stuff strait.

                    • MMMTheHacker

                      Exactly.

              • MMMTheHacker

                Ok man, lets get this straight. You are saying that developers should not use PHP for security or whatever reason. If just for some time we follow your advice and quit using PHP then plz tell us which language should we use? No matter which language you will tell me, there will be millions and trillions of exploit available for it. You need to understand one simple thing and i.e. You have to be smart enough to secure your site or blog. If you can’t secure your site for whatever reason then plz don’t blame the language.

                • Shahid Saleem

                  First of all, if you are going to have to secure your site, shouldn’t you start by using heavy cement wall (better language) than thin wooden door (PHP)? When you KNOW that PHP sites and softwares are harder to secure, then what possible execuse do you have for using it and not other languages???

                  Also Total BS on your numbers. Here, I give you evidense. Go to php’s website, scroll to the bottom of the page and click on “Older News Entries”. Select the year 2013. Control-F security and count the number of release in just the last year alone.

                  This is PHP itself, not any third party modules or frameworks or nothing. Just PHP. If you search for CVE entries for PHP or RHSA security advisories you will see that almost all of them are **CRITICAL** security updates.

                  So repeat for ruby. On ruby-lang site, click on their security link. There are six entries for 2013. Click on their news section, then news for 2013 and you will see that out of those 6, only 2 are critical enough for them to recommend an upgrade.

                  Let’s try python. I could not find it on their web site, but I used cvedetails .com and found three vulnerabilities for python for 2013. None of them critical.

                  Zend framework had four security advisories in 2013. CakePHP had three critical releases in 2013.

                  So what about other languages? Ruby on rails is very famous. According to it security announcement list, there were 10 non-critical security fixes in 2013. Python most famous frameworks are django and flask. django had three security updates in 2013, two of them after a peculiar SSL attack was discovered at a conference in August. Flask I don’t know if it even had a security bugfix in 2013, despite being very active developed.

                  Back to PHP. Try wordpress blog. Four security updates in 2013. Joomla, Amazing! Just typing

                  2013 joomla “critical level security issue”

                  and restricting the search to joomla site should be enough to make your stomach upset. And millions of people depend on this softwares???

                  • MMMTheHacker

                    First of all “Mind Your Language”. Secondly, don’t tell me about the history of security updates of different languages. Thirdly, tell me something, if those vulnerabilities were fixed by the developers then don’t forget that they were first discovered by security researchers/white hats. Everyday, many 0 day exploits appear on the internet and they are sold with huge amount money because the person who developed that exploit did a thorough research on it and didn’t wasted his time writing comments on propakistani like you and me. And here is a funny thing for you, propakistani is based on WordPress which ironically uses PHP.

                    • Shahid Saleem

                      You may find it ironical, yet propakistani has been defaced in the past. Which really helps prove my point, since I do not think they have any custom PHP code of their own (other than theme).

                      Really, no matter what reason I give you, you still prefer using tissue (PHP) to cover your body than cloth (anything else).

                    • MMMTheHacker

                      Hahahaha. Bro do you have any idea how it was hacked? Maybe you need some sleep.

                    • Shahid Saleem

                      Yeah, vbulletin hole. I had forgotten about that. My mistake.

                      (And yet, what is vbulletin written in?)

                    • MMMTheHacker

                      I don’t know if you are older than me or not but if you are then I am truly sorry but I have to say this that explaining you something is just like:
                      “Bhains ke age been bajana”

                    • Shahid Saleem

                      Let’s assume I am older. Then maybe JUST MAYBE I also have more experience, no?

                      To help you, I will state this: I used PHP first in 1996. I built websites in it. At that time, people did not have as many options as they do today. No Rails. No django. No JSP. Even Amazon wrote custom CGI in C/C++ at that time. Most people used perl.

                      But it is not 1996 any more. Almost 20 years later, WHY WOULD ANYONE USE THAT LANGUAGE PHP??

                    • MMMTheHacker

                      Well you definitely are older than me and sorry for that idiom. If propakistani was hacked because of a vulnerability in vbulletin then think that why the hacker couldn’t hack propakistani itself without using that vulnerability? That’s because he couldn’t find any vulnerability at that time but he might find it in the future. So, that once again weakens your point of view.

                    • Shahid Saleem

                      My point of view is: don’t trust PHP because the PHP world is not famous for its secure software. That point remains unchallengeable. Simply browsing zone-h archives to see what software sites that are defaced run should be sufficient to convince anyone that there is a problem with PHP.

                      Again, even if 100% of the PHP code you write is safe and secure, the libraries frameworks plugins etc you depend on ARE NOT.

                    • MMMTheHacker

                      Good Bye Sir.

                • Khurram ShahzAd

                  What he is saying is “In php people can program bad”, derived from his comment “you can’t do anything about the others’ code”. What he does not know is people can also program bad in other languages too.

                  • MMMTheHacker

                    Don’t know how to explain this to him.

                  • Shahid Saleem

                    And yet, defaced sites are almost always PHP or ASP.

                    I still await your explaination for that. Yes, it is possible to write bad code in any language, but then why aren’t sites written in other languages defaced as much? Why do the bad programmers prefer PHP?

                    • MMMTheHacker

                      I want your answer on this question. If let’s suppose I want to target a specific site for example: propakistani.com, would I first request aamir to plz change your CMS to one which uses ruby? PHP is the mosly used language nowadays and that’s why most exploits are released for it. This is same with windows and Ubuntu. Windows is the mostly used os nowadays which makes it a high target for hackers. But this doesn’t mean that people should stop using windows. If the website I want to hack uses PHP what can I do for it? There are so many PHP sites which can be said secure. If your site gets hacked then it’s on you and not the language.

              • Khurram ShahzAd

                haha what a conflicted comment you had here. The place where you are saying “you can do very little for the code other people write”, then please blame those people (developers) who don’t follow standards and have less knowledge about securing the application. Please don’t blame PHP.

                • Shahid Saleem

                  I ask you, “What standards”? Can you show me standards for secure, safe writing of code in PHP? Can you even show me if you personally FOLLOW those standards?

                  I mean, if you have to google to give me the answer to this question, then you are a bad programmer.

        • Khurram ShahzAd

          I totally agree, the Devs are to be blamed who do not keep their knowledge updated. Most secure websites can be developed in PHP , person must know how to correctly use functions and stuff.

          • Shahid Saleem

            For how long will you blame devs who USE PHP and not devs who CREATE PHP and PHP libraries and PHP frameworks? How many PHP web sites have to be defased before you get some sense into your head and think that mabye just mabye PHP is not the right environment to be in?

            • Khurram ShahzAd

              You really have no idea about this stuff. The Ones who have written extended libraries of PHP and specially the frameworks or the CMS they are all the one who Used PHP and are not the ones who created PHP.

              Its about seven years I am continuously developing in PHP and I can safely say, you have no idea what you are talking about.

              • Shahid Saleem

                I am sure the distinction you are trying to make is not one I caused. I know there are different groups of people who work on PHP core, PHP frameworks, etc etc.

                And really, if you write safe PHP code, congratulations! you’re a minority. If you write safe Ruby or Python code, no one would care: it’s expected behaviour. But for PHP, congratulations, again!

            • X-Powered

              Plus the fact is amount of developments made in PHP is way more than any other scripting language. Even search shows servers running PHP are more than 13736359 whereas only 22641 on Ruby. This is self explanatory why hackers tend to find vulnerabilities in PHP.

              • Shahid Saleem

                That is a common argument, and I am sure there is some truth in that. The biggest group gets the most attacks, just like there are more attacks and viruses against Windows than against OS X or Linux. But it doesn’t answer the fundamental question: if you KNOW your community has bad apples, why would you continue to reside there? If all it takes is a few weeks of learning to pick up django or spring or rails, why won’t you make the effort?

                In our industry, there is competition. But there is less competition for Ruby programmers than there is for PHP. If you want to distinguish yourself, won’t you even consider a different environment? What are people afraid of? do they think that the PHP they code in when they are 24 years old is the same PHP they will want to code in when they are 54?

                • MMMTheHacker

                  I saw a bad apple and I just exposed it. Now that bad apple should take a lesson and try to become a good sweet apple. If there are so many flaws in PHP, then being a good programmer you should tell the developers of PHP to correct them. And if you can’t then plz don’t complain about it here.

                  • Shahid Saleem

                    There are a crore things I would rather do than read or write PHP code, especially someone elses badly written code. My days of dealing with that hellhole are long gone.

                    Now I just try to convert them to better runtimes.

                    • SAM

                      Check this and then come back for discussion :)

                      http://en.wikipedia.org/wiki/Programming_languages_used_in_most_popular_websites

                      By the way i know your answer already

                    • Shahid Saleem

                      What’s there to discuss? Do you really believe these top sites that use PHP and ASP uses the same coding libraries and practices that smaller sites do? For example Facebook PHP is not even 100% PHP language, they just use a subset which compiles with their HipHop system.

                      My point is: people write bad PHP code. People write bad PHP libraries and examples. There are better languages out there. Why would you pick PHP over a better language? Is it because you have herd instinct and are afraid to learn something new?

                      Should you choose the best tool for the job or not? Is PHP that tool? I don’t think so.

                    • Shahid Saleem

                      Interesting, at the bottom of your link was something about TIOBE. On TIOBE site of language popularity, I looked at PHP’s stats. Guess what, they’re going down. It’s at an 11 year low.

                    • Dev

                      Okay, you don’t use PHP.. but let other do.. Simple. Or do a worldwide procession so everybody would listen you. Mind your own business.

                    • Shahid Saleem

                      Strange that you tell me to mind my own business, but have no words for the guy who found a hole in their site. Certainly he wasn’t minding his own business — unless his business is to publicly exploit and shame websites.

                      Everyone is free to use (or not use) PHP, but it’s really boring seeing sql injection/xss hacks on PHP sites. So boring. Give me something new for entertainment please!

                    • MMMTheHacker

                      Bro now you are crossing the line. I did that for their own good. I didn’t damaged anything in their site nor I have any plan to do it in the future. You are accusing me of something that I don’t do.

                    • Shahid Saleem

                      If you did it for THEIR OWN GOOD, why did you post it here? You should have emailed them directly. There was no need for public exposure of something like this. In fact, even if they had fixed that particular bug, you’ve now brought more eyeballs to their site, people who might try other kinds of attacks.

                      But i understand. You are MMMTheHacker, not MMMTheResponsibleWhitehatHacker.

                    • MMMTheHacker

                      why don’t you just kill yourself Mr.PHPHATER? Enjoy your all favourite “Ruby Anti On Rail” or mango, bango or whatever and don’t show your hate to PHP here. Show it to the PHP developers “Mr.SHAHID SALEEM THE ONE IN THE WORLD PROGRAMMER”

                    • Shahid Saleem

                      Ha ha, looks like I struck a nerve. I wonder if it was by being correct.

                    • MMMTheHacker
                    • Shahid Saleem

                      Oh, and I read the Facebook RCE report earlier before you posted. (Who hasn’t?) And what is it supposed to prove? That there are bugs in software other than PHP? For a bug that was reported publicly in 2012 and not fixed in many sites (not just Facebook)…so what?

                    • MMMTheHacker

                      I wonder how much patience your friends and family have.

                    • MMMTheHacker

                      Don’t waste your time bro. He’s not going to accept anything we say.
                      “By the way i know your answer already”

                      lols

      • Amir

        Keep crying Mr. Perfect!

        • Shahid Saleem

          I don’t cry, PHP web admins who are hacked cry :):):)

          • MMMTheHacker

            No comments!!

    • Shahid Saleem

      Oh, look — an RCE in Yahoo. Guess what language… oh, I guess you don’t need to guess.

      • MMMTheHacker

        lols. You seriously need to consult a doctor. You have PHPPhobia.

  • Badar Iqbal

    is it loot lo or lutwa lo :P? original prices are already high than a massive discount which is none just a making fool of people. after discount prices come to such price which are profitable 200 percent after delivery.

  • Guest

    loot lo bhai Pakistani awam to hamesha se he luwa rahe hen sb kuch,,
    ab tm b loot lo

  • desi123

    No https on their checkout page, I’d rather stay away.

  • umair

    The quality is not the same things are not as good as 1 expected to be…………

  • Shahid Saleem

    I don’t know, is it?

    • MMMTheHacker

      Lols. Don’t worry I am not going to do anything wrong. I just saw something in this site. So, tell me is it yours?
      I was actually about to do a dox on you but after having a look at this site I stopped because I saw something funny.

  • good to know this News