1. Home
  2. Categories
  3. Side Bar WTF
  4. Opt-out wtf

Opt-out wtf

  • halcyon

    Today I recieved one of those newsletter-ish spam mails, with those little "Click here to get out of the list" links at the bottom. Out of paranoia, I didn't want to click, so I just copied the link and removed the parameters, just to see what would happen:

    http://asp.isprit2.de/ff/us_1.php

    <font size="3"><!-- ErrorCode: 1064</font>
    <font size="3"> Description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
     SELECT e.ENTITY_ID,p.PERSON_ID,LOGO_URL FROM ENTITY e, PERSON p, MESSAGE m WHERE e.ENTITY_ID = p.ENTITY_ID AND p.PERSON_ID = m.PERSON_ID AND m.MSG_ID = 

    --></font>

    And as if echoing your SQL errors back to your visitor wasn't bad enough, the application also seems to copy the parameters right into the Query string.... kind of scary if you ask me.

    0
  • T

    @halcyon said:

    And as if echoing your SQL
    errors back to your visitor wasn't bad enough, the application also
    seems to copy the parameters right into the Query string.... kind of
    scary if you ask me.
    <font size="5">T</font>hat's a nice clear error for a developer to see but it shoud be placed in a log file and replaced with a generic error mesage.


    0
  • Arancaytar

    If it is a spammer, I suppose it would be quite tempting to test their site for protection against sql-injection attacks...

    0 cconroy D 2 Replies
  • Samah

    Something like
    MSG_ID=''; DROP TABLE PERSON;
    would be fun :)

    0 L PJH 2 Replies
  • G

    Except that MySQL doesn't let you do send more than one query in one packet.

    0 J 1 Reply
  • nickf

    http://asp.isprit2.de/ff/us_1.php now just reads "sorry! something went wrong :("

    maybe they read tdwtf!

    0 ? 1 Reply
  • E

    This is funny in itself, but what's even funnier is that apparently spammers read TDWTF. Should we throw them a welcoming party or something, wheel out goggles full of spam and 'BRILLANT' banners and hats? (hey - those aren't a bad idea - cafepress t-shirts and hats with 'BRILLANT' or 'My eyes! The goggles, they do nothing!' on them).

    0
  • F

    @nickf said:

    http://asp.isprit2.de/ff/us_1.php now just reads "sorry! something went wrong :("

    maybe they read tdwtf!


    View the source of the page.  It still has the comment mentioned above. 

    0 W 1 Reply
  • P

    El Foo said:



    This is funny in itself, but what's even
    funnier is that apparently spammers read TDWTF. Should we throw them a
    welcoming party or something, wheel out goggles full of spam and
    'BRILLANT' banners and hats? (hey - those aren't a bad idea - cafepress
    t-shirts and hats with 'BRILLANT' or 'My eyes! The goggles, they do
    nothing!' on them).

    ---



    Try this link



    Gifts - CafePress

    Gifts - CafePress

    Looking for the ideal Gifts? Come check out our giant selection of T-Shirts, Mugs, Tote Bags, Stickers and More. CafePress brings your passions to life with the perfect item for every occasion. ✓Free Returns ✓100% Satisfaction Guarantee ✓Fast Shipping

    -- its on the homepage for ages

    0 TunnelRat 1 Reply
Log in to reply