Any X WHERE X eid WTF
  • It seems an innocent enough link: http://www.logilab.org/857. But move your mouse over any of the intra-site links on the page (such as "python-projects" on the right), and the WTF becomes apparent. Even better is "Latest blogs" on the left, which is pretty close to a raw SQL query string.



  • About this site:

    Erudi is a Python web framework intended to easily create, deploy and manage knowledge management application. An application is created from a Entity-Relations schema, and a range of Views. Navigating on the web site consists in selecting a range of entities through their types and relations using a dedicated query language, and choosing a view to display them. The Erudi engine eases the process by choosing a default view which makes sense, but developpers can provide hints when writing custom views.

    If you want to learn more about Erudi, you can:

    Freakish nevertheless. They misspelled 'developpers', too.


  • Looks enterprisey...



  • check out the following (yet another WTF on that site) Link



  • @brendan said:

    check out the following (yet another WTF on that site) Link


    Or, for those of us who are confused when pages seem to link to The Daily WTF instead of the site, a more simple surprise using alert(). O//\FG|-|4><



  • Besides the fact that there is xss, the whole concept of this site is a wtf.

    Reading the site it looks like it was built to allow users to basically query the website themselves using syntax similar to sql.

    The users are supposed to look at the table structure and view pages with their own query if they wanted to.


    I think this is just a lazy and overly complicated way to design a webpage and implement a search engine in a site.
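    The XSS the thread keeps pointing at comes from one pattern: a query-language string is carried in the URL and echoed back into the page without escaping. The following is an added example, not code from the thread or from the site being discussed; the `rql` parameter name, the `/view` path and the sample URL are constructed for illustration. It shows the unsafe echo next to the escaped version and the proper way to build such intra-site links.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample link: a query string carried in the URL, as on the
# site discussed in the thread, with a tag appended to the query value.
SAMPLE_URL = ('http://example.invalid/view?rql='
              'Any+X+WHERE+X+eid+857%22%3E%3Cscript%3Ealert(1)%3C/script%3E')


def query_from_url(url):
    """Extract the 'rql' parameter the way the server would see it (decoded)."""
    params = parse_qs(urlsplit(url).query)
    return params.get('rql', [''])[0]


def build_link(query):
    """Build an intra-site link: the query is URL-encoded, never pasted raw."""
    return '/view?' + urlencode({'rql': query})


def render_unsafe(query):
    """Vulnerable: the user-controlled query is placed into markup verbatim."""
    return '<h1>Results for: %s</h1>' % query


def render_escaped(query):
    """Hardened: HTML-escape (including quotes) before the value enters markup."""
    return '<h1>Results for: %s</h1>' % html.escape(query, quote=True)


def contains_active_markup(page):
    """Crude check used here only to show whether a script tag survived."""
    return '<script' in page.lower()


if __name__ == '__main__':
    q = query_from_url(SAMPLE_URL)
    print('decoded query :', q)
    print('unsafe render :', render_unsafe(q))
    print('escaped render:', render_escaped(q))
    print('safe link     :', build_link('Any X WHERE X eid 857'))
```

    `parse_qs` undoes the `+` and `%xx` encoding, so the server-side handler sees the injected tag in the clear; only the escaping step decides whether it reaches the browser as markup. `build_link` shows the other half: links generated from a query must go through `urlencode`, which is also what makes the reflected value round-trip correctly.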


