URL abuse
-
OK it's a very minor WTF but hey, I like it when website authors leave things wide open for abuse!
As a bonus, the final target is giving us the text of SQL query instead of comments. Oops.
-
WTF? That's awesome.
-
-
OK it's a very minor WTF but hey, I like it when website authors leave things wide open for abuse!
clicky here
Why stop there? Try this: http://zurl.ws/M :P
@RayS said:
As a bonus, the final target is giving us the text of SQL query instead of comments. Oops.
That's because of a database error:WordPress database error: [Can't open file: 'wp_comments.MYI'. (errno: 144)]
SELECT * FROM wp_comments WHERE comment_post_ID = '254' AND comment_approved = '1' ORDER BY comment_date
server:/home/sitebackup# perror 144
MySQL error code 144: Table is crashed and last repair failed
-
@Daniel15 said:
Why stop there? Try this: http://zurl.ws/M :P
Shame on you! I laughed so loud I woke my kid :P
-
@Daniel15 said:
Why stop there? Try this: http://zurl.ws/M :P
Nice.
I didn't go that far since Firefox gives up after the first few. IE though goes all the way to the end.
-
ooo you're right -- it works much better in Internet Explorer =)
I did wonder about Firefox since it didn't seem to work fully.
Need a WTFey browser to make this work.
-
-
@Daniel15 said:Why stop there? Try this: http://zurl.ws/M :P
I'll do you one over: http://www.drwho-online.co.uk/index.asp?sPage=javascript%3a%27%3cscript%3elocation%2eassign%28parent%2eparent%2elocation%2ehref%29%3c%2fscript%3e%27
-
@Faxmachinen said:
@Daniel15 said:Why stop there? Try this: http://zurl.ws/M :P
I'll do you one over: http://www.drwho-online.co.uk/index.asp?sPage=javascript%3a%27%3cscript%3elocation%2eassign%28parent%2eparent%2elocation%2ehref%29%3c%2fscript%3e%27Very good.
Let us not forget though, that although that is fun, it highlights just how dangerous a poorly designed website can be. Someone puts some malicious content in there, and suddenly your website appears to be doing bad things to people's computers.