lewisje All American 9196 Posts user info edit post |
for...uhh...educational purposes 7/27/2010 2:20:39 PM |
qntmfred retired 40812 Posts user info edit post |
or 1=1 --
[Edited on July 27, 2010 at 2:26 PM. Reason : .] 7/27/2010 2:25:41 PM |
wwwebsurfer All American 10217 Posts user info edit post |
most of them i miss are from forgetting to clean input and someone running a command in their name input
[Edited on July 27, 2010 at 3:01 PM. Reason : grammar nazi] 7/27/2010 3:01:15 PM |
evan All American 27701 Posts user info edit post |
mysql_real_escape_string ftw 7/27/2010 7:28:49 PM |
gs7 All American 2354 Posts user info edit post |
http://en.wikipedia.org/wiki/SQL_injection
But I doubt you'll find any truth there, it IS Wikipedia, after all.
Oh, and the obligatory:
Her daughter is named Help I'm trapped in a driver's license factory. http://xkcd.com/327/
[Edited on July 27, 2010 at 7:38 PM. Reason : .] 7/27/2010 7:35:03 PM |
lewisje All American 9196 Posts user info edit post |
http://en.wikipedia.org/wiki/Parody 7/27/2010 8:18:44 PM |
qntmfred retired 40812 Posts user info edit post |
WE KNOW
WE JUST WANNA TALK ABOUT HOW WE KNOW WHAT SQL INJECTION IS TOO
OKAY 7/27/2010 9:05:25 PM |
Talage All American 5094 Posts user info edit post |
If you have to point out that it's a parody thread... 7/27/2010 9:17:54 PM |
lewisje All American 9196 Posts user info edit post |
^^this forum needs a "DROP TABLE *" injected into it 7/27/2010 10:07:23 PM |
aaronburro Sup, B 53142 Posts user info edit post |
i used it once. the programmer wasn't happy. I was just curious if the login was vulnerable. ultimately, it was a worthless thing in that case, but still... oh, and they never fixed it, lol. dumbasses. I'll bet that whole program is vulnerable 7/28/2010 10:47:03 PM |
lewisje All American 9196 Posts user info edit post |
you should post its location on 4chan and let the fun begin 7/29/2010 1:50:54 AM |
aaronburro Sup, B 53142 Posts user info edit post |
[no], lol 7/29/2010 7:46:27 PM |
izzykareem All American 2621 Posts user info edit post |
my local utility company once spit back a stack trace on their website, so i thought, hmm, i wonder if they've covered XSS.
So i found a search box and typed in <script>alert('hello world');</script> and it worked. I know not a SQL injection but, still fun.
owasp.org
the company i work for is required to be PCI/DSS compliant, we just went thru an annual review so alot of this stuff is still fresh on the brain 8/1/2010 2:04:03 AM |
qntmfred retired 40812 Posts user info edit post |
[Edited on September 10, 2010 at 2:42 PM. Reason : nm. srs business]
9/10/2010 2:36:08 PM |
qntmfred retired 40812 Posts user info edit post |
lol this 10 year old kid has some pretty nice youtube videos
2/4/2011 10:26:03 PM |
lewisje All American 9196 Posts user info edit post |
DROP DATABASE * some forums just need it2/4/2011 11:05:09 PM |
lewisje All American 9196 Posts user info edit post |
^
That was real cute about 10 years ago.
[Edited on June 8, 2011 at 7:08 AM. Reason : i am lewisje and i suck fat cocks only] 6/8/2011 7:07:26 AM |