Admin
No Comment for You
Admin
;INSERT INTO comments (author, comment) VALUES ('jector','frist');
Admin
Mitchell is my new hero.
Admin
I LOVE IT.
Circumvent the assholes using their own buggy code.
Not a WTF but a TGW, Truly Great Workaround.
Admin
Knew as soon as I saw the 'id=' how this was going to work. Surprising to see a long-time dev who actually understands the vulnerabilities of unescaped queries. The old adage about great power/responsibility applies, but a very nice use of them to sidestep the red tape. Just as well these applications are internal!
Admin
Best anecdotal-style article for a while. It has a start, a middle and an end, is entertaining, and makes you go "WTF". Good job.
Admin
SOP for me for a couple of decades. What they don't know, won't hurt me. It takes at least as long for them to fix something as it did to WTF it up in the first place.
Admin
I've had plenty of jobs where I didn't have access to the production data. This sounds like a brilliant -- or brillant -- idea for a subtle back door.
Admin
Really?
Admin
"cloumns"
Admin
"Best anecdotal-style article for a while."
Maybe Blakeyrat will be appeased for a while. (But I doubt it.)
Admin
I've done something similar; I was tasked with adding a new process to our big 3rd party financial system. It has a web based interface that companies could customize using their web-based editor. I guessed, correctly, that they weren't properly escaping HTML when an end user types in a URL for a hyperlink -- so I injected some JavaScript to get the job done.
Admin
☭
Admin
Why do you spam this shit? If you don't like the site, go somewhere else.
Admin
All is fun and games until a select statement locks up the writes and the logs show SQL injection was used to access data. If the data they are accessing is unauthorized, we are looking at criminal activity. This is hyperbole, I understand, but in today's political climate can we expect any less?
Admin
Backup "Bakcup"
Admin
With a little bit of political ability, you could play it along the lines of "innocent intern didn't know better", have the intern get away with a slap on the fingers and have the ticket-Nazi sacked for allowing this security hole to exist.
Admin
Triggered much, you fat autistic slampig? Kill yourself fam :^)
Admin
You'd think this website molested your sister as a child or something the way you carry on about how horrible it is.
Admin
Good job on just provoking the troll even further. You're just as much of a stupid cunt as he is. Imo guest posting needs to be turned off - permanently - that way stupid little kids like you and the troll can just fuck off forever.
Admin
That guy is in charge of the DATABASE. This is a problem with the CODE. How is it his fault?
Admin
My hero...
Admin
Lazily reading it until I felt like a shudder was sent through me: "35,000 lines of Perl written back in the 90s and nobody really understands what it does". Quite familiar.
Admin
You're right, I misread that part. Damn, I really liked that plan.
Admin
This is a really awesome generation, isn't it?