Wednesday, October 10, 2007

Someone posted a comment on another blog entry.  It pointed me to a cartoon they thought I could relate to.  It was pretty funny :)

Last week, a friend of mine sent me a link.  He sent me a URL to a restaurant so we could meet there.  Thunderbird broke the URL in half for some reason and when I clicked on the link, I received an error page that contained in part this text:

 Element RESTAURANT is undefined in URL.

The error occurred in /........../something.cfm: line 7

5 : select SectionName, Words
6 : from restaurants
7 : where Restaurant='#url.Restaurant#'
8 : and Section='#url.Section#'
9 :

Interesting, I thought... I had some fun with that and discovered that restaurant was not only SQL injectable but HTML injectable as well (they used the text both in the SQL and in their generated HTML; you can do some interesting things with that)...

If you do not know what SQL Injection is - please read this.  And then get rid of string concatenation in your code wherever you can: the values a user sends you belong in bind variables, never in the SQL text itself.
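As an added example (not from the original page, and not code from the site in question), here is the same pattern reproduced in Python against an in-memory SQLite table instead of ColdFusion and Oracle. The column names Restaurant, Section, SectionName and Words are taken from the error text above; the rows, the attack strings and the function names are constructed for the illustration. It shows the injected value widening the query to every row, bind variables making the very same value harmless, and the escaping fix for the HTML side of the same parameter.

```python
import html
import sqlite3

# Constructed sample table standing in for the page's "restaurants" table.
# Column names come from the error page; the rows are made up for this example,
# including one "internal" row the public page was never meant to show.
ROWS = [
    ("Bistro", "Hours", "Hours", "Open 11am to 10pm daily"),
    ("Bistro", "Staff", "Staff", "Internal: manager's mobile 555-0100"),
    ("Diner", "Hours", "Hours", "Open 24 hours"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table restaurants "
        "(Restaurant text, Section text, SectionName text, Words text)"
    )
    conn.executemany("insert into restaurants values (?, ?, ?, ?)", ROWS)
    return conn


def vulnerable_query(conn, restaurant, section):
    """The pattern from the error page: URL values pasted into the SQL text."""
    sql = (
        "select SectionName, Words from restaurants "
        f"where Restaurant='{restaurant}' and Section='{section}'"
    )
    return conn.execute(sql).fetchall()


def safe_query(conn, restaurant, section):
    """Same query with bind variables: the values never become part of the SQL."""
    sql = (
        "select SectionName, Words from restaurants "
        "where Restaurant=? and Section=?"
    )
    return conn.execute(sql, (restaurant, section)).fetchall()


def render_unsafe(restaurant, rows):
    """Echo the URL value straight into the page, as the site apparently did."""
    body = "".join(f"<h2>{name}</h2><p>{words}</p>" for name, words in rows)
    return f"<h1>{restaurant}</h1>{body}"


def render_safe(restaurant, rows):
    """Escape everything that came from the request or the database before emitting it."""
    body = "".join(
        f"<h2>{html.escape(name)}</h2><p>{html.escape(words)}</p>"
        for name, words in rows
    )
    return f"<h1>{html.escape(restaurant)}</h1>{body}"


# Constructed attack value: closes the quoted string, makes the WHERE clause
# always true, and comments out the rest of the statement (including the
# Section filter), so every row in the table comes back.
SQL_PAYLOAD = "' or 1=1 --"
# Constructed attack value for the HTML side of the same parameter.
HTML_PAYLOAD = "Bistro<script>alert(document.cookie)</script>"


if __name__ == "__main__":
    conn = make_db()
    print("normal     :", vulnerable_query(conn, "Bistro", "Hours"))
    print("injected   :", vulnerable_query(conn, SQL_PAYLOAD, "Hours"))
    print("bound      :", safe_query(conn, SQL_PAYLOAD, "Hours"))
    print("html unsafe:", render_unsafe(HTML_PAYLOAD, []))
    print("html safe  :", render_safe(HTML_PAYLOAD, []))
```

Running it prints the five cases: the normal lookup, the injected lookup returning all three rows including the internal one, the bound lookup returning nothing for the same string, and the two renderings. In ColdFusion the bind-variable form is cfqueryparam inside cfquery; in Oracle it is the bind variable that AskTom keeps asking for. Escaping quotes before concatenating is not a substitute; the fix is to keep data out of the SQL text entirely, and to escape anything you echo into HTML.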

Just to close on a sadly funny note - (warning, not entirely safe for work language is on this page) check this out



Anonymous Anonymous said....

You're OK if you don't do more than $5000 damage per year. Of course, they have to pay the most expensive consulting company in the world to fix it, so that means crashing them for a few hours.

Wed Oct 10, 09:48:00 AM EDT  

Blogger MWrynn said....

I've seen this kind of SQL output a disconcerting number of times.

Wed Oct 10, 10:31:00 AM EDT  

Blogger dan said....

More Fun...,-I-Prefer-SUBString!.aspx

Wed Oct 10, 12:52:00 PM EDT  

Anonymous Anonymous said....

Funny thing, just this morning I logged into one of "our" Internet sites without a password. I reported it to our security architects, but apparently they do firewalls, not databases.

(I'll stay anonymous this time...)

Wed Oct 10, 02:57:00 PM EDT  

Anonymous Larry Ellison said....

luckily enough little bobby tables' sister is named flashback students to before drop

Wed Oct 10, 03:51:00 PM EDT  

Anonymous Robert said....

in before someone mentions BV

Wed Oct 10, 05:40:00 PM EDT  

Anonymous Anonymous said....

I am sure the person who developed that page neither has your book nor has been to AskTom. If he had been to either place he would have found you crying, screaming, yelling and begging people to use bind variables :o)

Thu Oct 11, 12:40:00 AM EDT  

Blogger Gary Myers said....

In the right browser and circumstances, the image title pops up like a tooltip. It says "Her daughter is named Help I'm trapped in a driver's license factory". You can find it in the HTML page source easily.

Thu Oct 11, 02:06:00 AM EDT  

Anonymous Carlo said....

More SQL injection fun

Thu Oct 11, 08:25:00 AM EDT  

Anonymous Carlo said....

Oops, only read the part about Thunderbird, don't mind me.

Thu Oct 11, 08:27:00 AM EDT  


