• Martijn Otto (unregistered)

    No Comment for You

  • jector (unregistered)

    ;INSERT INTO comments (author, comment) VALUES ('jector','frist');

  • Cheesehead (unregistered)

    Mitchell is my new hero.

  • Appalled (unregistered)

    I LOVE IT.

    Circumvent the assholes using their own buggy code.

    Not a WTF but a TGW, Truly Great Workaround.

  • Gargravarr (unregistered)

    Knew as soon as I saw the 'id=' how this was going to work. Surprising to see a long-time dev who actually understands the vulnerabilities of unescaped queries. The old adage about great power/responsibility applies, but a very nice use of them to sidestep the red tape. Just as well these applications are internal!

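The unescaped `id=` query Gargravarr refers to above, as an added example that is not code from the article or the application it describes. The `accounts` and `staff_notes` tables, their rows and the payloads are constructed here purely to show why string-building the query hands control to whoever sets the parameter, and what the bound-parameter form looks like beside it:

```python
import sqlite3

# Added example, not code from the article or the application it describes.
# The tables and rows below are constructed for illustration only.

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
        INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 250), (3, 'carol', 75);
        CREATE TABLE staff_notes (id INTEGER PRIMARY KEY, note TEXT, author TEXT);
        INSERT INTO staff_notes VALUES (1, 'do not grant accounts to contractors', 'dba');
    """)
    return conn

def lookup_vulnerable(conn, id_param):
    """The pattern under discussion: the raw 'id=' query-string value is
    concatenated into the SQL text, so whoever sets it controls the query."""
    sql = "SELECT id, owner, balance FROM accounts WHERE id = " + id_param
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, id_param):
    """Hardened form: the id is validated as an integer and passed as a bound
    parameter, so the query shape is fixed regardless of the input."""
    if not id_param.isdigit():
        raise ValueError("id must be a non-negative integer, got %r" % id_param)
    return conn.execute(
        "SELECT id, owner, balance FROM accounts WHERE id = ?", (int(id_param),)
    ).fetchall()

def run_demo():
    """Run the same inputs through both lookups and collect the results."""
    conn = make_db()
    results = {
        "normal": lookup_vulnerable(conn, "2"),
        # Tautology: the WHERE filter is neutralised and every account comes back.
        "all_rows": lookup_vulnerable(conn, "1 OR 1=1"),
        # UNION with a matching column count reads an unrelated table; this is
        # the "unauthorized data" case raised later in the thread.
        "other_table": lookup_vulnerable(
            conn, "0 UNION SELECT id, note, author FROM staff_notes"),
        "hardened_normal": lookup_parameterized(conn, "2"),
    }
    try:
        lookup_parameterized(conn, "1 OR 1=1")
        results["hardened_rejects"] = False
    except ValueError:
        results["hardened_rejects"] = True
    return results

if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(name, rows)
```

The hardened lookup combines two controls: an input check that only accepts digits, and a bound parameter so that even a value which slips past validation is treated as data, never as SQL. Either one alone is weaker than both together.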
  • (nodebb)

    Best anecdotal-style article for a while. It has a start, a middle and an end, is entertaining, and makes you go "WTF". Good job.

  • Burner (unregistered)

    SOP for me for a couple of decades. What they don't know, won't hurt me. It takes at least as long for them to fix something as it did to WTF it up in the first place.

  • jay (unregistered)

    I've had plenty of jobs where I didn't have access to the production data. This sounds like a brilliant -- or brillant -- idea for a subtle back door.

  • Anonymouse (unregistered)

    Surprising to see a long-time dev who actually understands the vulnerabilities of unescaped queries.

    Really?

  • spell checker (unregistered)

    "cloumns"

  • Verisimilidude (unregistered) in reply to WTF

    "Best anecdotal-style article for a while."

    Maybe Blakeyrat will be appeased for a while. (But I doubt it.)

  • Wayne (unregistered)

    I've done something similar; I was tasked with adding a new process to our big 3rd party financial system. It has a web based interface that companies could customize using their web-based editor. I guessed, correctly, that they weren't properly escaping HTML when an end user types in a URL for a hyperlink -- so I injected some JavaScript to get the job done.

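The unescaped hyperlink field Wayne describes, as an added example that is neither the vendor's editor code nor Wayne's injection. The scheme allowlist, the `intranet.example` host and the payloads are assumptions chosen to show the two separate failures: a URL that closes the `href` attribute, and a `javascript:` URL that needs no markup at all:

```python
import html
from urllib.parse import urlsplit

# Added example, not the vendor's editor code. The allowlist and payloads are
# assumptions for illustration.

ALLOWED_SCHEMES = {"http", "https", "mailto"}

def render_link_vulnerable(url, text):
    """The failure mode: a user-typed URL is dropped into href verbatim."""
    return '<a href="' + url + '">' + text + '</a>'

def is_safe_link_url(url):
    """Allowlist the scheme after trimming whitespace and lowering case.
    urlsplit yields an empty scheme for a relative path and (on older Pythons)
    for a scheme containing stray characters such as 'java\\tscript:', and the
    allowlist rejects both, so the check holds whether or not the parser strips
    the tab. urlsplit raises ValueError on malformed IPv6 hosts; treat that as
    unsafe rather than letting it propagate."""
    try:
        scheme = urlsplit(url.strip()).scheme.lower()
    except ValueError:
        return False
    return scheme in ALLOWED_SCHEMES

def render_link_hardened(url, text):
    """Two separate controls: reject dangerous schemes, then escape the value
    so it cannot close the attribute or the tag."""
    if not is_safe_link_url(url):
        raise ValueError("URL scheme not allowed: %r" % url)
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), html.escape(text))

if __name__ == "__main__":
    # Constructed payloads: attribute breakout and a javascript: URL.
    breakout = 'https://intranet.example/" onmouseover="alert(document.cookie)'
    print(render_link_vulnerable(breakout, "Report"))
    print(render_link_hardened(breakout, "Report"))
    print(is_safe_link_url("javascript:alert(1)"))
```

Escaping alone is not enough here: `html.escape` leaves `javascript:alert(1)` untouched, because it contains nothing that needs escaping, yet a browser will still run it when the link is clicked. That is why the scheme check sits in front of the escaping step.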
  • (nodebb)

  • user (unregistered)

    why do you spam this shit? if you don't like the site, go somewhere else

  • Ali Razeghi (google)

    All is fun and games until a select statement locks up the writes and the logs show SQL injection was used to access data. If the data they are accessing is unauthorized, we are looking at criminal activity. This is hyperbole, I understand, but in today's political climate can we expect any less?

  • byteflush (unregistered) in reply to spell checker

    Backup "Bakcup"

  • (nodebb) in reply to Ali Razeghi

    With a little bit of political ability, you could play it along the lines of "innocent intern didn't know better", have the intern get away with a slap on the fingers and have the ticket-Nazi sacked for allowing this security hole to exist.

  • b l a k e y r a t (unregistered) in reply to user

    Triggered much, you fat autistic slampig? Kill yourself fam :^)

  • blakeyshat (unregistered) in reply to b l a k e y r a t

    You'd think this website molested your sister as a child or something the way you carry on about how horrible it is.

  • imblakeyrat2 (unregistered) in reply to blakeyshat

    Good job on just provoking the troll even further. You're just as much of a stupid cunt as he is. Imo guest posting needs to be turned off - permanently - that way stupid little kids like you and the troll can just fuck off forever.

  • moridin84 (unregistered) in reply to ScienceCat

    That guy is in charge of the DATABASE. This is a problem with the CODE. How is it his fault?

  • aaron (unregistered)

    My hero...

  • alf (unregistered)

    Lazily reading it until I felt like a shudder was sent through me: "35,000 lines of Perl written back in the 90s and nobody really understands what it does". Quite familiar.

  • (nodebb) in reply to moridin84

    You're right, I misread that part. Damn, I really liked that plan.

  • ridif (unregistered) in reply to jector

    This is a really awesome generation, huh.

Leave a comment on “No Account for You”
