Someone done bad here

Spotted today:


http://www.ergometric.co.nz:8090/phpmyadmin23/sql.php?lang=en-utf-8
&server=1&collation_connection=utf8_general_ci
&db=unite&table=membership_form_info&pos=0
&session_max_rows=30&disp_direction=horizontal&repeat_cells=100
&dontlimitchars=1&sql_query=SELECT+*FROM+%60membership_form_info%60+
+ORDER+BY+%60employer%60+ASC

(Company URL changed slightly to prevent the irresistible urge to see what happens after doing:
http://www.ergometric.co.nz:8090/phpmyadmin23/sql.php?
lang=en-utf-8&server=1&collation_connection=utf8_general_ci
&db=unite&sql_query=DROP table *
)

This is why so much ‘hacking’ happens from the browser’s address bar: an instance of phpMyAdmin that is reachable from the internet and asks for no login will run whatever SQL is put in the sql_query parameter, no tools required.

Seriously folks, please remember to secure your websites. A database admin tool like this should sit behind authentication (and ideally be reachable only from trusted addresses), not on a public port.
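What this looks like in the web server’s own access log, and how to pick such requests out of it, as an added example that is not code from the original post. The log lines, client IPs and timestamps below are constructed; the /phpmyadmin23/sql.php path and the sql_query parameter follow the URL quoted above, and the keyword list for “destructive” statements is an assumption to tune for your own schema.

```python
"""Spot phpMyAdmin SQL submitted via the address bar in an access log.

Parses "combined" format request lines, URL-decodes the sql_query
parameter of phpMyAdmin's sql.php and flags statements that change data.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache/nginx "combined" format).
# Client IPs, timestamps and the /phpmyadmin23/ path are assumptions for
# this example, not captured traffic from the site in the post.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2010:10:02:11 +1300] "GET /phpmyadmin23/sql.php?lang=en-utf-8&server=1&db=unite&table=membership_form_info&sql_query=SELECT+*+FROM+%60membership_form_info%60+ORDER+BY+%60employer%60+ASC HTTP/1.1" 200 8421
203.0.113.5 - - [12/Mar/2010:10:03:40 +1300] "GET /phpmyadmin23/sql.php?lang=en-utf-8&server=1&db=unite&sql_query=DROP+TABLE+%60membership_form_info%60 HTTP/1.1" 200 512
198.51.100.7 - - [12/Mar/2010:10:04:02 +1300] "GET /index.php?page=contact HTTP/1.1" 200 3310
198.51.100.9 - - [12/Mar/2010:10:05:13 +1300] "GET /phpmyadmin23/sql.php?db=unite&sql_query=SELECT+*+FROM+users%3B+DROP+TABLE+users HTTP/1.1" 200 400
"""

# ip ident user [timestamp] "METHOD target HTTP/x.y" status ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Coarse keyword check (assumed list): anything that can modify or destroy
# data is "destructive"; everything else is treated as a read.
DESTRUCTIVE = re.compile(
    r'\b(DROP|DELETE|TRUNCATE|UPDATE|INSERT|ALTER|GRANT)\b', re.IGNORECASE
)


def extract_sql(target):
    """Return the decoded sql_query of a phpMyAdmin sql.php request, or None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/sql.php"):
        return None
    # parse_qs undoes the URL encoding: '+' -> ' ', %60 -> '`', %3B -> ';'
    values = parse_qs(parts.query).get("sql_query")
    return values[0] if values else None


def classify(sql):
    """'destructive' if any part of the statement can modify data, else 'read'.

    The search covers the whole string, so a stacked
    "SELECT ...; DROP TABLE ..." is flagged as well.
    """
    return "destructive" if DESTRUCTIVE.search(sql) else "read"


def scan_log(text):
    """Return one finding per sql.php request carrying a sql_query parameter."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        sql = extract_sql(m.group("target"))
        if sql is None:
            continue
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": m.group("status"),
            "sql": sql,
            "severity": classify(sql),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} [{f['severity']}] {f['sql']}")
```

A 200 status on the DROP request is the part worth worrying about: it means the page was served, i.e. the instance answered an unauthenticated client. Feed the real log in place of SAMPLE_LOG and grep the output for anything other than your own address.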


<mental note>Must apply patch to own site</mental note>

This entry was posted in IT.

2 Responses to Someone done bad here

  1. Ian says:

    Compulsory xkcd reference:
    http://xkcd.com/327

  2. michelle says:

    Bobby Drop Tables, such a cool name.
