I don't know where to post this

Postby dinowuff » Tue Jun 17, 2014 9:18 pm

Not sure if this should be in Security or Joke or the Bar. But check this out. I came across this while fixing a php database.

 http://something.com/somepage.php?sql=SELECT+password%20as%20user+FROM+users+WHERE+user+=+%27administrator%27


I do like stupidity. It's one thing not to sterilize your input, but to have admin rights to the database in the actual URL - Fuck ME! I've never seen that before!
No lusers were harmed in the creation of this Taz Zone Post.
AND I WANT TO KNOW WHY NOT!
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
dinowuff
I've posted HOW many
 
Posts: 5334
Joined: Sun Dec 25, 2005 11:26 pm
Location: galactic longitude 359° 56′ 39.4″, galactic latitude −0° 2′ 46.2″
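
Added example, not part of the thread: a defender-side check that scans web access logs for requests like the one quoted above, where a query-string parameter decodes to a whole SQL statement. The log lines are constructed samples (line 1 reuses the URL from the post), and the names `sql_in_query` and `scan` are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Heuristic: the decoded value starts with a whole SQL statement (verb plus the
# clause that has to follow it), which is what a client-supplied query looks like.
SQL_STATEMENT = re.compile(
    r"\s*(?:select\b.+?\bfrom\b|insert\s+into\b|update\b.+?\bset\b|delete\s+from\b)",
    re.IGNORECASE | re.DOTALL,
)
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jun/2014:21:02:11 +0000] "GET /somepage.php?sql=SELECT+password'
    '%20as%20user+FROM+users+WHERE+user+=+%27administrator%27 HTTP/1.1" 200 512',
    '192.0.2.11 - - [17/Jun/2014:21:02:15 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [17/Jun/2014:21:03:01 +0000] '
    '"GET /search.php?q=from+the+select+committee HTTP/1.1" 200 901',
    '203.0.113.5 - - [17/Jun/2014:21:04:40 +0000] '
    '"GET /report.php?query=select%20id%20from%20orders HTTP/1.1" 200 733',
]


def sql_in_query(target):
    """Return [(param, decoded_value)] for parameters that hold a whole SQL statement."""
    query = urlsplit(target).query
    # parse_qsl decodes both '+' and %XX, so mixed encodings like the one above normalise.
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if SQL_STATEMENT.match(value)]


def scan(lines):
    """Return [(line_number, method, param, decoded_value)] for every flagged request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        request = REQUEST.search(line)
        if not request:
            continue  # not a request line this pattern understands
        for param, value in sql_in_query(request.group("target")):
            findings.append((lineno, request.group("method"), param, value))
    return findings


if __name__ == "__main__":
    for lineno, method, param, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {method} parameter {param!r} carries SQL: {value}")
```

The match is a triage heuristic: ordinary search text that happens to begin "select ... from ..." will also be flagged, so treat hits as leads to review rather than confirmed findings.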

Re: I don't know where to post this

Postby SirDice » Wed Jun 18, 2014 11:50 am

That's probably the dumbest thing I've seen in years. What kind of ID-ten-T puts their entire SQL query in a GET method?
Oliver's Law:
Experience is something you don't get until just after you need it.
SirDice
I've posted HOW many
 
Posts: 4198
Joined: Mon May 15, 2006 9:59 am
Location: Netherlands

Re: I don't know where to post this

Postby DaFoxx » Wed Jun 18, 2014 12:42 pm

not a programmer guy in any way shape or form, so wouldn't have been able to find that, but once it is pointed out .................
even I can see that is just poor, can only hope it is a test line, but as Dino was working the system, probably not :(

but to show I DO understand the basics, I got XKCD to the rescue :mrgreen:

http://xkcd.com/327/
Beware of Geeks bearing GIF's :mrgreen:
DaFoxx
DaBOSS
 
Posts: 8479
Joined: Sun Dec 25, 2005 1:20 am
Location: 3rd Rock from the Sun

Re: I don't know where to post this

Postby dinowuff » Wed Jun 18, 2014 6:05 pm

SirDice wrote: What kind of ID-ten-T puts their entire SQL query in a GET method?


Believe it or not, Corporate America! 10+ million a year company! Just trying to save a buck by using substandard (idiot) consulting firms.
No lusers were harmed in the creation of this Taz Zone Post.
AND I WANT TO KNOW WHY NOT!
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
dinowuff
I've posted HOW many
 
Posts: 5334
Joined: Sun Dec 25, 2005 11:26 pm
Location: galactic longitude 359° 56′ 39.4″, galactic latitude −0° 2′ 46.2″

Re: I don't know where to post this

Postby chaosclown » Mon Jun 23, 2014 3:57 am

LMAO....wow...just wow :mad:
chaosclown
DaJoker
 
Posts: 177
Joined: Mon Nov 05, 2007 3:22 am

