• bob (unregistered) in reply to savar
    savar:
    Anonymous:
    What's wrong with all of you? The wtf is that this ended up on the daily wtf. Shock news: Somebody studying for a BSc, with (presumably) no security knowledge, or training, and little experience of coding generally, writes crap security code.
     Yeah, I liked this WTF. Whereas most WTFs are the same code -- except discovered in production -- this WTF is about a college student who wrote some code that he knew wasn't perfect (okay, so it turned out to be much less than perfect) and he asked an older friend who he knew had some expertise to review it for him. This is actually really great news. Think about all the WTFs that this kid *won't* make when he gets into the real world because he's doing it for fun/for class now. Moreover, unlike so many of the noob posts you see in other developer forums, the kid isn't asking dumb questions like "h3y how doo eye pr0tecT my javascirpt cod3 so nobodyz else cAn steel it?"
  • virginia (unregistered) in reply to Mr. Sparkle
    Mr. Sparkle:
    Never mind about the =3D things. Thanks, foxy. I knew that wasn't a C# operator, but I was wondering what sort of encoding error would cause it. The real WTFs here are the people badmouthing a student for not knowing the things he's going to school for, and the people who just don't know any better badmouthing Microsoft for writing a language that supposedly uses the =3D operator.
  • ashanti (unregistered)

    please get me a password and username and i will add you to playgames on yahoo please go on it now

  • dan krüsi (unregistered)

    Yummy, that not only is giving away passwords, but is also vulnerable to SQL Injection!

    At least the application will tell me that my SQL Injection is wrong and incorrect as I am doing it hehe...

  • lorraine (unregistered) in reply to Gareth Martin
    Gareth Martin:
    This reminds me of my high-school's old "Personal Review" database. The name might not be right, but basically the idea was that the students and teachers both comment on the student's progress over the year. The school used to print out templates and write on them, but someone decided to computerise the lot. Unfortunately the school had one of the world's worst IT people do it, so they ended up with the following:

    It was built in some database software that I forget the name of, that allowed multiple simultaneous network logins to the same database. There were only a few passwords (no usernames), two of which were "student" and "staff" (guess which one we were given and which one we guessed). The different users defined the permissions for viewing or editing different database fields and different forms. So the students could see but not edit the teacher's comments, etc.

    The clever part was the way they made it so you could only open your own report (considering all the students logged in to the database with the same "student" login): After passing through the real database login you were presented with the "login" form, which was a standard MS-Access-style form with a pair of text boxes (for username and password). IIRC these matched our computer logins. Unfortunately, this "login" form only worked because it automatically entered SEARCH(exact) mode when it was opened. Pressing login performed the search and redirected you to the form where you could edit your record. If you used the menu to cancel the search you could browse the entire database at will, getting anyone's username and password, and editing their personal review...

    Couple that with the "staff" db login, you could tell the other students what the teacher really thought about them. (insert evil grin smile here)

  • dfg (unregistered) in reply to Wierenfest

    gf

  • lee malatare (unregistered) in reply to ikegami
    ikegami:
    Tim Gallagher:
    sb.Append("SELECT Passwd FROM [Users] WHERE Username='"); sb.Append(this.txtUsername.Text + "'");
    It's also vulnerable to SQL Injection Attacks!
  • rao (unregistered) in reply to ikegami

    hai

  • rao (unregistered)

    this process very useful

  • stefano (unregistered)

    password f1 2010 pc

  • Kryptus (unregistered) in reply to ikegami
    ikegami:
    Tim Gallagher:
    sb.Append("SELECT Passwd FROM [Users] WHERE Username='"); sb.Append(this.txtUsername.Text + "'");
    It's also vulnerable to SQL Injection Attacks!

    No this is totally secure ! Best login routine ever !!
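
The concatenated query quoted in this thread, next to a parameterized form, as an added example that is not part of the original article or any comment. It uses Python's `sqlite3` with an in-memory table instead of the C# and database of the quoted snippet; the rows, the sample inputs and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the one in the quoted query (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Username TEXT PRIMARY KEY, Passwd TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("alice", "placeholder-1"), ("o'brien", "placeholder-2")])
    return db

def lookup_concat(db, username):
    """Same shape as the quoted code: the input is pasted into the SQL text."""
    sql = "SELECT Passwd FROM [Users] WHERE Username='" + username + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, username):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    return db.execute("SELECT Passwd FROM [Users] WHERE Username = ?",
                      (username,)).fetchall()

def try_lookup(fn, db, username):
    """Return the number of rows matched, or 'sql error' if the statement broke."""
    try:
        return len(fn(db, username))
    except sqlite3.Error:
        return "sql error"

# Constructed inputs: a normal name, a legitimate name containing a quote,
# and the textbook tautology that rewrites the WHERE clause.
SAMPLES = ["alice", "o'brien", "x' OR '1'='1"]

def compare(db):
    """Map each sample input to (concatenated result, parameterized result)."""
    return {name: (try_lookup(lookup_concat, db, name),
                   try_lookup(lookup_param, db, name)) for name in SAMPLES}

if __name__ == "__main__":
    for name, (concat, param) in compare(make_db()).items():
        print(f"{name!r:18} concatenated={concat!r:12} parameterized={param!r}")
```

With concatenation, a legitimate name containing an apostrophe breaks the statement and the tautology matches every row; with a bound parameter both inputs are treated as plain usernames. Storing `Passwd` as retrievable plaintext is a separate problem that parameterization does not address.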

  • andriierick (unregistered) in reply to Gareth Martin
    Gareth Martin:
    What, no line breaks on this software? And no preview button? Bah.
  • andri erick (unregistered) in reply to andriierick
    andriierick:
    Gareth Martin:
    What, no line breaks on this software? And no preview button? Bah.

Leave a comment on “Passwords! Get Your Free Passwords Here!”
