No proxies here. Tried from one of my direct-connected colo boxes, and I get the loop. Tried from another shared hosting box in CA, and it works.
I have no idea.
Hank
Latest posts made by Hank
-
RE: A Google WTF
Geeze -- less than 5 minutes to edit a post? WTF?
It's still happening... trust me:
Here's what I get from wget in linux, so it can't be a cookies or browser thing.
(repeats 20 times before wget gives up)
$ wget http://www.google.com/webmasters/+1/button/
--14:16:16-- http://www.google.com/webmasters/+1/button/
=> `index.html'
Resolving www.google.com... 74.125.91.99, 74.125.91.103, 74.125.91.104, ...
Connecting to www.google.com[74.125.91.99]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/buton/ [following]
--14:16:16-- http://www.google.com/webmasters/+1/buton/
=> `index.html'
Connecting to www.google.com[74.125.91.99]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/button/ [following]
--14:16:16-- http://www.google.com/webmasters/+1/button/
=> `index.html'
-
RE: A Google WTF
Wow - still doesn't work for me -- and I tried in three browsers on two computers before posting that.
Still think it's a WTF.
Here's what I get from wget in linux: (repeats 20 times before wget gives up)
$ wget http://www.google.com/webmasters/+1/button/
--13:57:12-- http://www.google.com/webmasters/+1/button/
=> `index.html'
Resolving www.google.com... 74.125.91.106, 74.125.91.147, 74.125.91.99, ...
Connecting to www.google.com[74.125.91.106]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/buton/ [following]
--13:57:12-- http://www.google.com/webmasters/+1/buton/
=> `index.html'
Connecting to www.google.com[74.125.91.106]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/button/ [following]
--13:57:13-- http://www.google.com/webmasters/+1/button/
=> `index.html'
Connecting to www.google.com[74.125.91.106]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/buton/ [following]
--13:57:13-- http://www.google.com/webmasters/+1/buton/
=> `index.html'
Connecting to www.google.com[74.125.91.106]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/button/ [following]
--13:57:13-- http://www.google.com/webmasters/+1/button/
=> `index.html'
Connecting to www.google.com[74.125.91.106]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/buton/ [following]
--13:57:13-- http://www.google.com/webmasters/+1/buton/
=> `index.html'
Connecting to www.google.com[74.125.91.106]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/webmasters/+1/button/ [following]
--13:57:13-- http://www.google.com/webmasters/+1/button/
-
A Google WTF
Click: http://www.google.com/webmasters/+1/buton/
Way to go Google!
This page they're promoting for their new "+1" service has an infinite 301 redirect to itself. WTF?
(who knows how long it will last)
-
Free Car Washes for everyone!
So I visit the local car wash website to get their Sunday hours.. and they have this little javascript "concentration" type game. Looks real old-school web, like 1999 or something.
I play the game once, and I "win" a 50 cents off coupon... BFD, but I think, this is all javascript, it's got to be easily hackable. Sure enough, I download the javascript (all on one page, not even an included .js file) to my local machine and start some light modification of the javascript to show the images behind each of the locations as the starting move, then I just have to click all the matches, and I'd win a free car wash. I spent about 10 minutes playing around with how simplistic the javascript is, and then I decide to look at the "winning" condition -- yup -- the URLs for all the prizes are hard-coded in the javascript -- so I just go to that URL, and VIOLA - FREE CAR WASH!
Game page: http://www.scrubadub.com/game/game.htm
Winning page: http://www.scrubadub.com/game/qa56n9.htm
code:
if (matches>=matchlimit && score>=realhigh){level1()}
.......
function level1() {
  setHigh()
  if (gameover!=1) { // don't alert if game is over
    window.open ("qa56n9.htm", "newwin", "width=525,height=375,directories=0,toolbar=1,location=0,status=0,menubar=0,scrollbars=1,resizable=1,copyhistory=0");
  }
}
-
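Added example, not part of the original post and not the car wash site's code: the game above delivers its prize through a fixed URL embedded in the page script, so reading the source is enough to reach it. A server-issued coupon that is signed, expiring and single-use closes that gap; the function names, the prize labels and the assumption that the server itself decides when a prize is due are hypothetical.

```javascript
const crypto = require("crypto");

const SECRET = crypto.randomBytes(32); // server-only key, never sent to the browser
const redeemed = new Set();            // coupon ids already used (a database table in practice)

// Assumption: called only by server code that has itself decided a prize is due.
function issueCoupon(prize, ttlSeconds, now = Date.now()) {
  const id = crypto.randomBytes(8).toString("hex");
  const expires = Math.floor(now / 1000) + ttlSeconds;
  const payload = `${id}.${prize}.${expires}`;
  const mac = crypto.createHmac("sha256", SECRET).update(payload).digest("hex");
  return `${payload}.${mac}`;
}

// Checks signature, expiry and prior use before honouring the coupon.
function redeemCoupon(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 4) return { ok: false, reason: "malformed" };
  const [id, prize, expires, mac] = parts;
  const expected = crypto.createHmac("sha256", SECRET)
    .update(`${id}.${prize}.${expires}`).digest("hex");
  const a = Buffer.from(mac, "utf8");
  const b = Buffer.from(expected, "utf8");
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: "bad signature" };
  }
  if (Math.floor(now / 1000) > Number(expires)) return { ok: false, reason: "expired" };
  if (redeemed.has(id)) return { ok: false, reason: "already redeemed" };
  redeemed.add(id); // single use: a copied or shared coupon works once
  return { ok: true, prize };
}
```

A guessed or bookmarked page name such as the one in the post carries no valid signature, so it is rejected before any prize logic runs.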
RE: You can lead a horse to water...
@jimheem said:
It would take a competent Linux admin about half a day to set up a well functioning mailserver in house, with their own IMAP, POP3, Webmail, or whatever else method of getting mail that they want. On top of that they can add and control their own spam filtering and anti virus.
I'm not even a linux admin, and doing something like this takes less than an hour (even less if you are a linux admin) using something like the Bill Shupp Linux Qmail Toaster ( http://www.shupp.org/toaster/ ). I've done this several times, and it "just works".
-
RE: SQL "Injection" WTF
@bighusker said:
but I'm not sure this page is vulnerable to SQL injection...
That's why I put "injection" in quotes. It's injecting SQL into the error message page, not the database.
-
RE: SQL "Injection" WTF
@danixdefcon5 said:
Try this: http://ethoserver.ezone.net/message.php?mess=EPIC%20FAIL!!!!!
That works!! (for me, currently on their network)
-
RE: SQL "Injection" WTF
Apparently you need to be connected to their network to see the error:
Here's a screen print:
http://forums.wheresgeorge.com/attachment.php?attachmentid=2894&stc=1&d=1215617217
-
SQL "Injection" WTF
I just checked into a Holiday Inn in Los Angeles.. and connected to their free wi-fi network. Of course, it loads an authentication page (We were given a logon and password). Maybe it's because I use Opera and not IE, or just maybe they had a database hiccup.. but this is the error page I received (super long URL follows):
http://ethoserver.ezone.net/message.php?mess=An error occured durring processing. Please call support.<BR>Lost connection to MySQL server during query<BR>SQL: select count(*) from LoginsActive where MacAddress='00:90:96:AC:8C:D8' and MacAddress!=''%20and%20Iface='br0'%20and%20PropertyID='16'%20%3CBR%3E%3CBR%3EIP:sql.ethostream.com%3CBR%3EDBU:remote%3CBR%3EDB:
Plenty of WTFs to enjoy there. Too bad they didn't include the login ID and password.
-Hank
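Added example, not part of the original thread and not the portal's code: the error page above receives its whole text, including the failed SQL statement and database host, through the `mess` URL parameter and displays whatever it is given. The sketch below puts that pattern next to a hardened one that logs the detail server-side and sends the browser only a fixed message code and a reference id; apart from `message.php` and `mess`, every name here is hypothetical.

```javascript
const crypto = require("crypto");

const MESSAGES = {                      // fixed texts; the URL can only select one
  db_unavailable: "Login is temporarily unavailable. Please call support.",
  unknown: "Something went wrong. Please call support.",
};
const serverLog = [];                   // stands in for a server-side log file

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Pattern described in the thread: internals travel in the URL...
function unsafeErrorUrl(err, sql) {
  const text = `An error occurred.<BR>${err.message}<BR>SQL: ${sql}`;
  return "/message.php?mess=" + encodeURIComponent(text);
}
// ...and the page prints the parameter as-is.
function unsafeRender(query) {
  return `<p>${query.mess}</p>`;
}

// Hardened: the detail stays in the log; the URL carries a code and a reference.
function safeErrorUrl(err, sql) {
  const ref = crypto.randomBytes(4).toString("hex");
  serverLog.push({ ref, error: err.message, sql });
  return `/message.php?code=db_unavailable&ref=${ref}`;
}
function safeRender(query) {
  const known = Object.prototype.hasOwnProperty.call(MESSAGES, query.code);
  const text = known ? MESSAGES[query.code] : MESSAGES.unknown;
  const ref = /^[0-9a-f]{8}$/.test(query.ref || "") ? query.ref : "n/a";
  return `<p>${escapeHtml(text)} Reference: ${escapeHtml(ref)}</p>`;
}
```

Support staff look up the reference id in the log to find the failing query, so nothing about the schema or database host reaches the guest network.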