• (cs)

    "as a Firefox user, Mike is used to this." - do I detect badly hidden anti-Firefoxism? Tbh, sites whose JavaScript doesn't work in FF are very very rare. I've probably seen about three during the years I've been using FF. Wonder what kind of sites "Mike" frequents if he is used to JS errors.

  • (cs) in reply to MaGnA
    MaGnA:
    Searching for "navToUrlForFirefo" in Google didn't yield any results so I'd say that they at least knew how to use the robots.txt file. So we can forget about DROPping any tables...


    That sounds familiar.  Did we already come across that WTF a few months ago?

  • (cs)

    Am I the first to notice that their queries are not properly escaped? That is the real WTF!

  • (cs) in reply to Tanish
    Anonymous:

    Forget that HTML crap... Who's the girl playing foosball whose left breast we're all ogling, that's what I want to know!



    You must be new here.  Everyone knows that she is Paula Bean.
  • (cs)
    Alex Papadimoulis:

    Think of the WTFU Alma Mater and send it to me. I'll post my favorite tomorrow and send the author some DailyWTF Swag.



    What does that mean? Your alma mater is the institution you went to, eg WTF University. Why would one have to "think" of what it is? How could you send it? This makes no sense! :-|
  • (cs)

    This is why I went to WTF State.

  • (cs)

    So which of the following id's do you think the database connection uses? SYS, sa, or root?

  • (cs)
    Anonymous:

    I believe Alex was referring to the rather common practice (at least, here in the United States) of referring to your Alma Mater's school song by the name, "Alma Mater." Ergo, he is asking for potential submitters to think up the song for the school.


    Ok, cool! Em, I still don't know what it would be though. I don't know if my university had a song :-(


  • (cs) in reply to ithika

    <img src="imgSrc?declare @o int, @ret int exec sp_oacreate 'speech.voicetext', @o out exec sp_oamethod @o, 'register', NULL, 'foo', 'bar' exec sp_oasetproperty @o, 'speed',150 exec sp_oamethod @o, 'speak', NULL, 'WTFU, WTFU! I love to study at WTFU! Go Team!', 528 waitfor delay '00:00:05'" />

    Speaking SQL server injection for teh proverbial win ;)

  • Rask (unregistered) in reply to R.Flowers

    R.Flowers:
    And a short time later, the images refused to load at all, almost as if the website content had DROPped off the face of the web...

    Why DROP the table?  Why not replace all image records with Mr. Goatse?

  • Anonymous (unregistered) in reply to snoofle
    snoofle:
    Anonymous:

    <img src="/imgSrc?DROP TABLE pubwww.dbo.imgs ">

    wheeeeeee!


    I'm not a web person - is this what they call sql-injection? (that's a bad thing, right?)



    I don't think this is sql-injection. See, usually, with sql injection you typically would have to put some funkily formatted string into an input field that then gets spliced into a server sql command without being escaped, or something of this sort.
    This... Well, I don't know what this is. Looks like they're just running a public web-facing sql server. The access method is a bit odd though - personally, I would've just created a textbox that you can type your sql into so that the server can execute it. I suppose they wanted people to be able to execute multiple commands in rapid succession or something...

    Incidentally, anyone know their real site url? I've been looking for a managed all-expenses paid hosting provider with a nice fat pipe, lots of storage, and full root access. This sounds like just the thing!
  • (cs) in reply to Outtascope
    Outtascope:
    So which of the following id's do you think the database connection uses? SYS, sa, or root?


    username: sa
    password: (blank)
    allow ip: *
    grant everyone all permissions
    ...

    All of a sudden I remembered seeing an ex-co-worker install his programs on his Desktop on Windows. His desktop was cluttered with EXEs, DLLs, *.ini files etc.

  • (cs)

    Obviously a true WTF, they should have used a database to match misspelled links.
    A database with the SOUNDEX function. What were they thinking!


  • Dagur (unregistered)

    The real WTF is that there's no T-Shirt that says "The Real WTF is.."


    and where are the wtf goggles?

  • (cs) in reply to Lumpio-

    Lumpio-:
    "as a Firefox user, Mike is used to this." - do I detect badly hidden anti-Firefoxism? Tbh, sites whose JavaScript doesn't work in FF are very very rare. I've probably seen about three during the years I've been using FF. Wonder what kind of sites "Mike" frequents if he is used to JS errors.

    That's probably because the blue slice is small enough (much smaller than the yellow slice, anyway) so nearly all Web developers take the time to take care of any blue-slice issues...

    http://www.yatblog.com/2006/06/29/taking-a-closer-look-at-designing-a-website/
    http://www.yatblog.com/wp-content/uploads/2006/07/time_breakdown.png

    (I found this originally on The Daily WTF but the URL has changed in the meantime, of course.)

  • (cs)

    Holy crap!

    There's another Mike R. For the record... this isn't my submission. Mine are usually lame and not wtfworthy. ;P

  • I'm batman! (unregistered)
    Alex Papadimoulis:
    Undeterred, Mike switched over to Internet Explorer and pressed on.

    The real WTF is that switching to IE is not a deterrent!

  • (cs) in reply to I'm batman!

    School song for TDWTF'rs at WTFU: Twisted Sister: We're Not Gonna Take It Anymore

  • anonymous (unregistered) in reply to Dagur
    Anonymous:
    The real WTF is that there's no T-Shirt that says "The Real WTF is.."
    I would buy a t-shirt that said that.
  • anon (unregistered) in reply to anonymous

    "The Real WTF..." translates to "I'm going to change the course of the conversation to cover up my own inadequacies as a programmer."

  • drobnox (unregistered) in reply to Reweave



    The <font color="#ff0000"><font size="6">WTF3C </font></font>dropped that tag a long time ago

  • (cs) in reply to Tanish
    Tanish:

    Forget that HTML crap... Who's the girl playing foosball whose left breast we're all ogling, that's what I want to know!

    You sound as though it's the first breast you've ever seen (rumor has it that some women have 2!)

  • TC (unregistered) in reply to TankerJoe

    Injection Rejection...  wasn't that on Schoolhouse Rock?

  • (cs) in reply to TC
    Anonymous:
    Injection Rejection...  wasn't that on Schoolhouse Rock?


    Injection Rejection, It's Perfection!
    Replacing quotes and stopping user queries...

    I'd come up with more, but I can only remember two lines from conjunction junction, and everything else escapes me... lol...
  • keke (unregistered) in reply to Whacky Waving Inflatable Arm Flailing Tube Man

    <a>te</a>

    In the example above there is one element, two tags and three nodes. Can you spot which is which?

  • keke (unregistered) in reply to keke
    Anonymous:
    <a>te</a>

    In the example above there is one element, two tags and three nodes. Can you spot which is which?
    Two nodes :)
  • David (unregistered) in reply to snoofle
    snoofle:

    What, they couldn't use the close-enough spelling page to route for the appropriate browser?

     

    +5 funny
  • (cs)

    <span id="graduateStudiesLink" class="hyperlink"
    onclick="clickto(this.id);">Graduate Studies</span>
    This is actually pretty good. It decouples the interface from the back end, allowing the graphics guys to develop the pages with their tools of choice in such a way that they can see the layout in their WYSIWYG without having to worry about all that server side guff. Similarly, the server side folk can develop the site, safe in the knowledge that they can't screw up the look of the site. Nice.

    function clickto(navId) {
    	var url = getUrlFromNavId(navId);
    	if (isBrowserIE()) {
    		navToUrlForIE(url);
    	} else if (isBrowserNetscape()) {
    		navToUrlForNetscape(url);
    	} else if (isBrowserFirefox()) {
    		navToUrlForFirefo(url);
    	} else {
    		window.location = url;
    	}
    }

    Yeah, obviously a typo there. No biggy. I'd blame the testers for not picking this one up. They should be testing in Firefox, and Safari/Konqueror are probably good to check as well.

    Sometimes web development gets ugly. Don't blame the poor people who do their best to build these sites, rather let's blame the people who build web browsers that don't conform to standards and break compatibility with other browsers. I've had to do similar browser detection myself when faced with difficult requirements that have to be implemented across multiple architectures. It ain't pretty, but hey, whaddayagonnado?

    <img src="/imgSrc?SELECT data FROM pubwww.dbo.imgs WHERE id=51">
    

    ...

    <link rel="stylesheet" type="text/css" media="screen" href="/cssSrc?SELECT data FROM pubwww.dbo.csss WHERE id=18" />

    Looks like a good way of dealing with that old problem whereby a user may want to update the database queries that drive a site from the client. Using this approach, ......
    ....aaah forget it.
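The `/imgSrc?SELECT ...` pattern quoted in the comments above lets the client choose the SQL statement. As an added example, not part of any comment and not code from the site or the article, this contrasts that pattern with a handler that accepts only a numeric `id` and binds it to a fixed statement. An in-memory SQLite table stands in for the page's `imgs` table, and all function names are hypothetical.

```python
import re
import sqlite3
from urllib.parse import parse_qs, unquote, urlsplit

def make_db():
    """Constructed sample data standing in for the page's imgs table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE imgs (id INTEGER PRIMARY KEY, data BLOB)")
    conn.execute("INSERT INTO imgs VALUES (51, ?)", (b"logo-bytes",))
    return conn

def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def legacy_img_src(conn, url):
    """Pattern quoted in the thread: the query string *is* the SQL statement."""
    sql = unquote(urlsplit(url).query)
    row = conn.execute(sql).fetchone()  # the client picks the statement
    return row[0] if row else None

def safe_img_src(conn, url):
    """Client sends only ?id=<digits>; the statement text is fixed server-side."""
    raw = parse_qs(urlsplit(url).query).get("id", [""])[0]
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        return None  # caller answers 404; nothing reaches the database
    row = conn.execute(
        "SELECT data FROM imgs WHERE id = ?", (int(raw),)  # bound parameter
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(legacy_img_src(db, "/imgSrc?SELECT data FROM imgs WHERE id=51"))
    print(safe_img_src(db, "/imgSrc?id=51"))
    print(safe_img_src(db, "/imgSrc?DROP TABLE imgs"), table_exists(db, "imgs"))
    legacy_img_src(db, "/imgSrc?DROP TABLE imgs")
    print(table_exists(db, "imgs"))
```

The database login behind such a handler should also be limited to `SELECT` on the tables it serves, so that a mistake in the handler cannot alter or drop data.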

  • (cs) in reply to Lumpio-

    Lumpio-:
    "as a Firefox user, Mike is used to this." - do I detect badly hidden anti-Firefoxism? Tbh, sites whose JavaScript doesn't work in FF are very very rare. I've probably seen about three during the years I've been using FF. Wonder what kind of sites "Mike" frequents if he is used to JS errors.

    Hear, hear. I use IE on XP at work and Firefox on Dapper at home, and I see a lot more sites with script errors at work than at home (including this site, seems to have errors on nearly every page).

  • (cs) in reply to piffle
    piffle:
    You sound as though it's the first breast you've ever seen (rumor has it that some women have 2!)


    Ha! That's nothing compared to Eccentria Gallumbits, the triple-breasted whore of Eroticon 6.
  • (cs) in reply to GoatCheez
    GoatCheez:
    lol... yeah... I envision a huge building that represents the site. The front doors have locks, however the building doesn't have any walls.... So, even though their doors are locked, you just have to step to a side and keep walking to get through lol.


    http://obligement.free.fr/images/windows_firewall.jpg
  • (cs) in reply to Bus Raker
    Bus Raker:

    It's more of a database issue than a web issue.  Any application communicating with a database is vulnerable.

    <img src="/imgSrc?EXEC master..xp_regdeletekey @rootkey='HKEY_LOCAL_MACHINE', @key='SOFTWARE">

    This would be a fun one!



    This might surprise you, but there are RDBMSes other than MS-SQL on Windows.

  • Kryptus (unregistered) in reply to Andy
    Andy:
        So, who besides me tried to go to the link? captcha: captcha

    I did.. but surprisingly, it did not work ! I guess this is the TWTF !

    captcha: secundum (maybe one day I'll get firstum)

Leave a comment on “wtfuniversity.edu”
