Admin
"as a Firefox user, Mike is used to this." - do I detect badly hidden anti-Firefoxism? Tbh, sites whose JavaScript doesn't work in FF are very very rare. I've probably seen about three during the years I've been using FF. Wonder what kind of sites "Mike" frequents if he is used to JS errors.
Admin
That sounds familiar. Did we already come across that WTF a few months ago?
Admin
Am I the first to notice that their queries are not properly escaped? That is the real WTF!
Admin
You must be new here. Everyone knows that she is Paula Bean.
Admin
What does that mean? Your alma mater is the institution you went to, eg WTF University. Why would one have to "think" of what it is? How could you send it? This makes no sense! :-|
Admin
This is why I went to WTF State.
Admin
So which of the following IDs do you think the database connection uses? SYS, sa, or root?
Admin
Ok, cool! Em, I still don't know what it would be though. I don't know if my university had a song :-(
Admin
<img src="imgSrc?declare @o int, @ret int exec sp_oacreate 'speech.voicetext', @o out exec sp_oamethod @o, 'register', NULL, 'foo', 'bar' exec sp_oasetproperty @o, 'speed',150 exec sp_oamethod @o, 'speak', NULL, 'WTFU, WTFU! I love to study at WTFU! Go Team!', 528 waitfor delay '00:00:05'" />
Speaking SQL server injection for teh proverbial win ;)
Admin
Why DROP the table? Why not replace all image records with Mr. Goatse?
Admin
I don't think this is sql-injection. See, usually, with sql injection you typically would have to put some funkily formatted string into an input field that then gets spliced into a server sql command without being escaped, or something of this sort.
This... Well, I don't know what this is. Looks like they're just running a public web-facing sql server. The access method is a bit odd though - personally, I would've just created a textbox that you can type your sql into so that the server can execute it. I suppose they wanted people to be able to execute multiple commands in rapid succession or something...
Incidentally, anyone know their real site url? I've been looking for a managed all-expenses paid hosting provider with a nice fat pipe, lots of storage, and full root access. This sounds like just the thing!
Admin
username: sa
password: (blank)
allow ip: *
grant everyone all permissions
...
All of a sudden I remembered seeing an ex-co-worker install his programs on his Desktop on Windows. His desktop was cluttered with EXEs, DLLs, *.ini files etc.
Admin
Obviously a true WTF, they should have used a database to match misspelled links.
A database with the SOUNDEX function. What were they thinking!
Admin
The real WTF is that there's no T-Shirt that says "The Real WTF is.."
and where are the wtf goggles?
Admin
That's probably because the blue slice is small enough (much smaller than the yellow slice, anyway) so nearly all Web developers take the time to take care of any blue-slice issues...
http://www.yatblog.com/2006/06/29/taking-a-closer-look-at-designing-a-website/
http://www.yatblog.com/wp-content/uploads/2006/07/time_breakdown.png
(I found this originally on The Daily WTF but the URL has changed in the meantime, of course.)
Admin
Holy crap!
There's another Mike R. For the record... this isn't my submission. Mine are usually lame and not wtfworthy. ;P
Admin
The real WTF is that switching to IE is not a deterrent!
Admin
School song for TDWTF'rs at WTFU: Twisted Sister: We're Not Gonna Take It Anymore
Admin
"The Real WTF..." translates to "I'm going to change the course of the conversation to cover up my own inadequacies as a programmer."
Admin
The <font color="#ff0000"><font size="6">WTF3C </font></font>dropped that tag a long time ago<font size="4">
</font>
Admin
You sound as though it's the first breast you've ever seen (rumor has it that some women have 2!)
Admin
Injection Rejection... wasn't that on Schoolhouse Rock?
Admin
Injection Rejection, It's Perfection!
Replacing quotes and stopping user queries...
I'd come up with more, but I can only remember two lines from conjunction junction, and everything else escapes me... lol...
Admin
<a>te</a>
In the example above there is one element, two tags and three nodes. Can you spot which is which?
Admin
Yeah, obviously a typo there. No biggy. I'd blame the testers for not picking this one up. They should be testing in Firefox, and Safari/Konqueror are probably good to check as well.
Sometimes web development gets ugly. Don't blame the poor people who do their best to build these sites, rather let's blame the people who build web browsers that don't conform to standards and break compatibility with other browsers. I've had to do similar browser detection myself when faced with difficult requirements that have to be implemented across multiple architectures. It ain't pretty, but hey, whaddayagonnado?
Looks like a good way of dealing with that old problem whereby a user may want to update the database queries that drive a site from the client. Using this approach, ......
....aaah forget it.
Admin
Hear, hear. I use IE on XP at work and Firefox on Dapper at home, and I see a lot more sites with script errors at work than at home (including this site, seems to have errors on nearly every page).
Admin
Ha! That's nothing compared to Eccentria Gallumbits, the triple-breasted whore of Eroticon 6.
Admin
http://obligement.free.fr/images/windows_firewall.jpg
Admin
This might surprise you, but there are RDBMSes other than MS-SQL on Windows.
Admin
I did... but surprisingly, it did not work! I guess this is the TWTF!
captcha: secundum (maybe one day I'll get firstum)