Scholarly WTF



  • I spent last night repeating the age-old college tradition of writing a research paper the night before it's due. Naturally, this involved many searches through Google Scholar and whatever other journal search engines I could access to find appropriate sources. One site in particular, Questia, had a lot of articles I wanted to read and reference, but without a subscription you're only allowed to view the first few paragraphs. However, I noticed that the URLs for journal articles had an unusual format:

    http://questia.com/PM.qst?a=o&d=<article number>&er=deny

    Out of pure curiosity, I tried changing "deny" to "allow". Questia happily gave me access to the entire article. This works with all the articles I found find, and Wikipedia says Questia as over 1,500,000 articles.

    The fun doesn't stop there though. Questia provides a toolbar at the top of each article with buttons like "cite" and "print", but clicking on them pops up a message requiring you to login before you're allowed to access the feature. The page obviously used Javascript for the pop-up, so I tried looking at the page source to see what I could find and saw this:

    /*

    * Flag that indicates if the user is currently logged it.

    */

    common.isLoggedIn = false;



    ...
    citationTool.createCitation = function() { 

    if ( common.isLoggedIn ) {

    var url = '/PreferencesNoAppletMediator.qst?action=getPrefs&prefType=citation&url=/CitationHandler.qst?' +

    'citeaction=createCitationBegin&current_docid='+common.docId+'&citation_text='+citationTool.getSelectedText();

    common.openWindow(url, 'Citation', 600, 500);

    } else {

    common.showFeatureDialog( this.helpMessage() );

    }

    }  

    Since I was using Firefox, all I needed to do to get around it was put "javascript:common.isLoggedIn = true;" in my address bar. I think I'm going to send a letter to Questia thanking them for their horrible security. Without it I probably wouldn't have finished my paper on time.



  • Why the hell did the forum software insert all the extra <br> tags in the code blocks? Those weren't there before.



  • geeesh.  what a great security scheme.  good to know for my next research paper.  thx



  • NO NO NO. Are you crazy???

    Don't alert them to the problem. I can use this site in the future for my next research paper. Thanks Mr. Man !!



  • Being "scholarly" myself, everyday I see things like this and think, "Real programmers would never do this."

    Thank you for reassuring me of my ignorance.
     



  • Oh my.  This is a true classic!



  • I just tried that, and it didn't work. Could they have already fixed it?



  • [quote user="bobday"]I just tried that, and it didn't work. Could they have already fixed it?
    [/quote]

     Seems so. The original article I used the hack with doesn't work anymore. Unfortunately, I already put that URL in my "Works Cited" list and turned in the paper. Hopefully my professor won't notice/care.

    And no, I didn't tell them about the security holes.

     



  • [quote user="MrMan"]

    Unfortunately, I already put that URL in my "Works Cited" list and turned in the paper. Hopefully my professor won't notice/care.

    [/quote]

    Such is the nature of the web... Web site owners are free to rearrange, add, delete, modify at will.

    He'll just have to subscribe himself if he wants to read it. 


Log in to reply