• dan krüsi (unregistered)

    Yummy, that not only is giving away passwords, but is also vulnerable to SQL Injection!

    At least the application will tell me that my SQL Injection is wrong and incorrect as I am doing it hehe...

  • lorraine (unregistered) in reply to Gareth Martin
    Gareth Martin:
    This reminds me of my high-school's old "Personal Review" database. The name might not be right, but basically the idea was that the students and teachers both comment on the student's progress over the year. The school used to print out templates and write on them, but someone decided to computerise the lot. Unfortunately the school had one of the world's worst IT people do it, so they ended up with the following:

    It was built in some database software that I forget the name of, that allowed multiple simultaneous network logins to the same database. There were only a few passwords (no usernames), two of which were "student" and "staff" (guess which one we were given and which one we guessed). The different users defined the permissions for viewing or editing different database fields and different forms. So the students could see but not edit the teacher's comments, etc.

    The clever part was the way they made it so you could only open your own report (considering all the students logged in to the database with the same "student" login): After passing through the real database login you were presented with the "login" form, which was a standard MS-Access-style form with a pair of text boxes (for username and password). IIRC these matched our computer logins. Unfortunately, this "login" form only worked because it automatically entered SEARCH(exact) mode when it was opened. Pressing login performed the search and redirected you to the form where you could edit your record. If you used the menu to cancel the search you could browse the entire database at will, getting anyone's username and password, and editing their personal review...

    Couple that with the "staff" db login, you could tell the other students what the teacher really thought about them. (insert evil grin smile here)

  • lee malatare (unregistered) in reply to ikegami
    ikegami:
    Tim Gallagher:
    sb.Append("SELECT Passwd FROM [Users] WHERE Username='"); sb.Append(this.txtUsername.Text + "'");
    It's also vulnerable to SQL Injection Attacks!
  • rao (unregistered) in reply to ikegami

    hai

  • rao (unregistered)

    this process very useful

  • stefano (unregistered)

    password f1 2010 pc

  • Kryptus (unregistered) in reply to ikegami
    ikegami:
    Tim Gallagher:
    sb.Append("SELECT Passwd FROM [Users] WHERE Username='"); sb.Append(this.txtUsername.Text + "'");
    It's also vulnerable to SQL Injection Attacks!

    No this is totally secure ! Best login routine ever !!

  • andriierick (unregistered) in reply to Gareth Martin
    Gareth Martin:
    What, no line breaks on this software? And no preview button? Bah.
  • andri erick (unregistered) in reply to andriierick
    andriierick:
    Gareth Martin:
    What, no line breaks on this software? And no preview button? Bah.
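
The query quoted in the comments above, built by string concatenation, next to a parameterized version. This is an added example, not code from the article or from any commenter: Python's sqlite3 stands in for the original data layer, and the sample rows and function names are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the quoted query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE [Users] (Username TEXT PRIMARY KEY, Passwd TEXT)")
    db.executemany("INSERT INTO [Users] VALUES (?, ?)",
                   [("alice", "pw-alice"), ("o'brien", "pw-obrien")])
    return db

def lookup_concat(db, username):
    # Same construction as the quoted sb.Append(...) calls:
    # the user's input becomes part of the SQL text itself.
    sql = "SELECT Passwd FROM [Users] WHERE Username='" + username + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # A stray quote breaks the statement; report the error class only.
        return "error: " + type(exc).__name__

def lookup_param(db, username):
    # Placeholder binding: the input is only ever compared as a value,
    # so quotes inside it cannot change the structure of the statement.
    sql = "SELECT Passwd FROM [Users] WHERE Username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing an
    # apostrophe, and a value whose quote rewrites the WHERE clause.
    for name in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(name), "| concatenated:", lookup_concat(db, name),
              "| parameterized:", lookup_param(db, name))
```

With concatenation, the apostrophe in a legitimate name is enough to produce a SQL error, and the third input returns every row's password; the parameterized lookup returns only the exact match or nothing.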

Leave a comment on “Passwords! Get Your Free Passwords Here!”