Question of vialibity



  • There's something I came across while thinking and am wondering if it's something old or something other people have thought about.

    We all know that some silly websites are still vulnerable to query string exploits, the worst of which would be straight SQL in the URL.

    Has anyone realized the potential evil of embedding an html image tag in a public site such that the source of the image was a URL that used a SQL exploit?

    Wouldn't this cause any one that browsed the site with the image tag to unwittingly attack the site?

    Please tell me I am wrong...



  • @Giskard said:

    There's something I came across while thinking and am wondering if it's something old or something other people have thought about.

    We all know that some silly websites are still vulnerable to query string exploits, the worst of which would be straight SQL in the URL.

    Has anyone realized the potential evil of embedding an html image tag in a public site such that the source of the image was a URL that used a SQL exploit?

    Wouldn't this cause any one that browsed the site with the image tag to unwittingly attack the site?

    Please tell me I am wrong...

    Well, yeah, that would work.  Why wouldn't it?  But since most SQL exploits are one-time events (read private data or just DROP TABLE) there's no real reason to attack from lots of browsers.



  • True enough point.

    I always just thought it would be more fun/chaotic to make it remove small groups of random rows based on a non deterministic event (users browsing).

    Would also make it less noticeable.

    And being new to posting (not reading), how the bloody hell does one put a new line in?



  • @morbiuswilters said:

    Well, yeah, that would work.  Why wouldn't it?  But since most SQL exploits are one-time events (read private data or just DROP TABLE) there's no real reason to attack from lots of browsers.

     

    Could be an easy way to do a DOS attack, but this wouldn't have anything to do with SQL injection.   Just build a URL which causes the site to generate an expensive report, then put that in your signature on a variety of highly visited forums.



  • @Giskard said:

    True enough point.

    I always just thought it would be more fun/chaotic to make it remove small groups of random rows based on a non deterministic event (users browsing).

    Would also make it less noticeable.

    And being new to posting (not reading), how the bloody hell does one put a new line in?

     

    hit enter?



  • I've been leaving 2 lines between spots where I wanted it to.

    But noooooo it makes it a nice mash of text.

    Aside, from that I'll shut up... I've read enough of other people bitching about it the first time they use that I should know better than to join in.



  •  @Giskard said:

    I've been leaving 2 lines between spots where I wanted it to.

    But noooooo it makes it a nice mash of text.

    Aside, from that I'll shut up... I've read enough of other people bitching about it the first time they use that I should know better than to join in.

    What Browser are you using?  Do you have a WYSIWYG editor or do you have a plain text editor?   Try putting <br> in there and see if it works.



  • Perfect!


    Thank you very much. I should have paid more attention to other threads.


    I'm using Chrome, I kind of like having the tabs use up the otherwise unused space in the title bar when the window is maximized. It doesn't give me the WYSIWYG editor, if it had and I still had to ask I think I would have quit my job as a developer. Didn't expect it to take straight HTML though, but I'm happy to be proven wrong/ignorant in this case.



  • @Giskard said:


    Thank you very much. I should have paid more attention to other threads.
     

    No problem.  I'm more than happy to help a Community Server noob.  Besides, I can't stand it when people don't format long posts into multiple paragraphs.


Log in to reply