why o' why?
-
How? It's server side code being rendered to the client so there's no attack vector there.
cheers, Chris Maunder
CodeProject.com : C++ MVP
Chris Maunder wrote:
How? It's server side code being rendered to the client so there's no attack vector there.
True - but you've now seen the name of tables, and it's obvious that Stored Procs aren't being used. As soon as you find an input form, the attack surface has been opened up.
Deja View - the feeling that you've seen this post before.
-
Open the link below in Firefox and look at the top of the page! click[^]
"hi, I am explorer.exe. sometimes when you are doing anything at all, I will just freeze for ten minutes. All of my brother and sister windows will also freeze, because they are sad for me. Maybe we will come back, maybe not, it will be a surprise!"
-
Rather odd. Go to index.asp and it renders correctly. Someone hasn't set the default pages up properly in IIS.
-
Not as bad as one I discovered recently: Database connection strings stored in a publicly accessible txt file coupled with request strings being completely unvalidated before being appended to various SQL queries. Had a call from the client one day asking if it was us that created the 'slartibartfast' table. It turned out to be some bloke on the other side of the world having a bit of fun. Reminds me of my favourite XKCD[^].
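As an added illustration of the pattern that post describes (not code from this thread or from the site under discussion), here is a Python/sqlite3 stand-in for the classic-ASP/ADODB case: the same movie lookup written by gluing the request string into the SQL text, and written with a bound parameter. The `movie` table and its titles are constructed sample data.

```python
import sqlite3

# Constructed sample data standing in for the movie table the thread mentions.
SAMPLE_MOVIES = [
    ("The Hitchhiker's Guide to the Galaxy", 2005),
    ("Office Space", 1999),
    ("Brazil", 1985),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movie (title TEXT, year INTEGER)")
    conn.executemany("INSERT INTO movie VALUES (?, ?)", SAMPLE_MOVIES)
    return conn


def search_concatenated(conn, title):
    """The pattern from the post: the request string becomes part of the SQL text."""
    sql = "SELECT title FROM movie WHERE title = '" + title + "'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, title):
    """Hardened form: the value is bound as data and can never alter the statement."""
    sql = "SELECT title FROM movie WHERE title = ?"
    return [row[0] for row in conn.execute(sql, (title,))]


def concat_breaks_on_apostrophe(conn):
    """Even honest input containing a quote breaks the concatenated query."""
    try:
        search_concatenated(conn, "The Hitchhiker's Guide to the Galaxy")
        return False
    except sqlite3.OperationalError:
        return True


def demo():
    conn = make_db()
    benign = "Office Space"
    hostile = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "concat_benign": search_concatenated(conn, benign),
        "concat_hostile": search_concatenated(conn, hostile),  # every row comes back
        "param_benign": search_parameterized(conn, benign),
        "param_hostile": search_parameterized(conn, hostile),  # nothing matches
        "concat_breaks": concat_breaks_on_apostrophe(conn),
        "param_ok": search_parameterized(conn, SAMPLE_MOVIES[0][0]),
    }
```

The parameterized path also handles the apostrophe in the first sample title, which the concatenated path cannot even when nobody is attacking it.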
-
The question is, did they know who Slartibartfast was?
-
Sweet. SQL Injection attack anyone? :rolleyes:
Deja View - the feeling that you've seen this post before.
Can people be so dumb? I would not be surprised if they put the FTP credentials of the website as a comment in the index.html under the pretext of ease of maintenance.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
-
Bad code behind, I guess...
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
-
It's in the HTML. Someone should really learn how to comment HTML correctly.
xacc.ide - now with IronScheme support
IronScheme - 1.0 alpha 2 out now
leppie wrote:
Someone should really learn how to comment HTML correctly.
Yeah, it is not that hard :rolleyes:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
-
Pete O'Hanlon wrote:
SQL Injection attack anyone?
Totally. Think of any good ones? :rolleyes:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
-
The real WTF is ADODB!
Pits fall into Chuck Norris.
Brady Kelly wrote:
real WTF is ADODB
Yep.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
-
All you've got are table names (and for the movie table only) - you can't actually get access. It's dumb and stupid, but not a humongous breach.
cheers, Chris Maunder
CodeProject.com : C++ MVP
-
Paul Conrad wrote:
Totally. Think of any good ones?
:laugh: It does sound a bit "Capture the flag"
Deja View - the feeling that you've seen this post before.
-
This points out another coding horror/problem (whatever). It gets past IE 7. Sad, but yes, IE 7 lets it past while Opera and Firefox don't. The most we can hope is that IE 7 was made to ignore the problem. I've seen a page where the title is in the body instead of the header, so it is shown on the actual page.