Reverse Brute Force

2007-12-19

by Jake Vinson in CodeSOD (131 Comments)

When David was approached by a colleague for an estimate on some PHP work, David insisted that he'd need to see some of the code first. The only background David had on the project was that it was a PHP site with a MySQL backend, and a pretty sizable user base.

When David received the code, the first thing that he noticed was an unreasonably large file called namelib.php. It was apparently intended to clean up users' first names...

<?
$name = $_GET['name'];
switch($name)
{
	case "aafke":
		echo "Aafke";
		break;
	case "aaron":
		echo "Aaron";
		break;
	case "abbie":
		echo "Abbie";
		break;
	case "abby":
		echo "Abby";
		break;
	case "abdel":
		echo "Abdel";
		break;
	case "abe":
		echo "Abe";
		break;
	case "abeltje":
		echo "Abeltje";
		break;

	/* Snip */

	case "zora":
		echo "Zora";
		break;
	case "zorah":
		echo "Zorah";
		break;
	case "zuzana":
		echo "Zuzana";
		break;
	case "zuzanna":
		echo "Zuzanna";
		break;
	case "zuzanny":
		echo "Zuzanny";
		break;
	default:
		echo $name;
                  // Name not in the database yet, lowercase is better than nothing
}
?>

David couldn't help but smile as he replaced thousands of lines of generated code with one easy line:

echo ucfirst($_GET['name']);

Share Reverse Brute Force:

Featured Comments (All Comments • Add Comment)

Re: Reverse Brute Force

2007-12-19 08:11 • by Tom Melly (unregistered)

167522

Reply Quote

This type of error mystifies me - does it never occur to them, when they're coding this stuff, that there might, y'know, be a better way? That maybe, y'know, people have dealt with this kind of issue before?

I mean, even if they don't know (or don't suspect) that there might be a built in function, don't they even look around for something else? Some example code? Anything?

Re: Reverse Brute Force

2007-12-19 08:52 • by gabba

167542

Reply Quote

Can't wait for the next installment, in which we learn the process by which names are added to "the database".

Re: Reverse Brute Force

2007-12-19 09:08 • by crxs (unregistered)

167547

Reply Quote

...being paid on Lines Of Code, David had to pay $320.50 when he finished the project.

Re: Reverse Brute Force

2007-12-19 09:31 • by Migala (unregistered)

167553 in reply to 167548

Reply Quote

Ben:
echo ucfirst($_GET['name']);

The real WTF is how this guy just added an XSS vulnerability.

That has always been there:


default:

	echo $name; // Name not in the database yet...

Re: Reverse Brute Force

2007-12-19 11:10 • by Carra (unregistered)

167610

Reply Quote

I be he wrote a smart script to create all those files instead of writing em all!

Something like:

open(MYFILE, "c:\\myNames.txt");
@lines = <MYFILE>;
close(MYFILE);
foreach $line (@lines){
print "\t case " . $line;
substr($line, 0, 1) =~ tr/[a-z]/[A-Z]/;
print "\t\t echo " . $line;
print "\t\t\ break;\n"; #Can't forget this!
}

« ITAPPMONROBOT

Their Version of Cut and Paste »

Reverse Brute Force

Featured Comments (All Comments • Add Comment)

Re: Reverse Brute Force

Re: Reverse Brute Force

Re: Reverse Brute Force

Re: Reverse Brute Force

Re: Reverse Brute Force

SUBMIT YOUR WTF

Content

Random Article

All Articles

Free WTF Swag!

Sponsored by

Side Bar WTF