I don't know where to post this

The place to kick back, relax, post general bullshit, and grill a few on the BBQ. Whatever doesn't fit into another forum would go here. We periodically go through and move posts to the correct forum, but we do charge a case of Beer every time we have to.
Post Reply
User avatar
dinowuff
I've posted HOW many
Posts: 5330
Joined: Sun Dec 25, 2005 11:26 pm
Are you a Spammer: No
Location: galactic longitude 359° 56′ 39.4″, galactic latitude −0° 2′ 46.2″
Contact:
Contact dinowuff

I don't know where to post this

Post: # 145497Post dinowuff
Tue Jun 17, 2014 9:18 pm

Not sure if this should be in Security or Joke or the Bar. But check this out. I came across this while fixing a php database.

Code: Select all

 http://something.com/somepage.php?sql=SELECT+password%20as%20user+FROM+users+WHERE+user+=+%27administrator%27
I do like stupidity. It's one thing not to sterilize your input, but to have admin rights to the database in the actual URL - Fuck ME! I've never seen that before!


Image
No lusers were harmed in the creation of this Taz Zone Post.
AND I WANT TO KNOW WHY NOT!
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
Top
User avatar
SirDice
I've posted HOW many
Posts: 4196
Joined: Mon May 15, 2006 9:59 am
Are you a Spammer: No
Location: Netherlands

Re: I don't know where to post this

Post: # 145499Post SirDice
Wed Jun 18, 2014 11:50 am

That's probably the dumbest thing I've seen in years. What kind of ID-ten-T puts their entire SQL query in a GET method?
Oliver's Law:
Experience is something you don't get until just after you need it.
Top
User avatar
DaFoxx
DaBOSS
Posts: 8783
Joined: Sun Dec 25, 2005 1:20 am
Are you a Spammer: No
Location: 3rd Rock from the Sun

Re: I don't know where to post this

Post: # 145500Post DaFoxx
Wed Jun 18, 2014 12:42 pm

not a programmer guy in any way shape or form, so wouldn't have been able to find that, but once it is pointed out .................
even I can see that is just poor, can only hope it is a test line, but as Dino was working the system, probably not :(

but to show I DO understand the basics, I got XKCD to the rescue :mrgreen:

http://xkcd.com/327/
Beware of Geeks bearing GIF's :shock:
Top
User avatar
dinowuff
I've posted HOW many
Posts: 5330
Joined: Sun Dec 25, 2005 11:26 pm
Are you a Spammer: No
Location: galactic longitude 359° 56′ 39.4″, galactic latitude −0° 2′ 46.2″
Contact:
Contact dinowuff

Re: I don't know where to post this

Post: # 145502Post dinowuff
Wed Jun 18, 2014 6:05 pm

SirDice wrote:What kind of ID-ten-T puts their entire SQL query in a GET method?
Believe it or not, Corporate America! 10+ million a year company! Just trying to save a buck by using sub standard (idiot) consulting firms.
Image
No lusers were harmed in the creation of this Taz Zone Post.
AND I WANT TO KNOW WHY NOT!
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
Top
User avatar
chaosclown
DaJoker
Posts: 174
Joined: Mon Nov 05, 2007 3:22 am
Are you a Spammer: No

Re: I don't know where to post this

Post: # 145505Post chaosclown
Mon Jun 23, 2014 3:57 am

LMAO....wow...just wow :mad:
Top
Post Reply

Return to “TAZ Bar & Grill”