Programmer Humor

20351 readers

1865 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

[email protected]

249

SQL Injection (lemmy.ml)

submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

Alternate version:

top 11 comments

sorted by: hot top controversial new old

[–] [email protected] 35 points 2 days ago (1 children)

little bobby tables' dad.

[–] [email protected] 28 points 2 days ago (1 children)

Could even be his twin - that joke is from 2007, if little Bobby was in kindergarten then he'd be around 22 by now and could be trying to land his first job out of college!

[–] [email protected] 2 points 20 hours ago* (last edited 20 hours ago)

Wow, an XKCD-style feel-old fact about XKCD.

[–] [email protected] 11 points 2 days ago

Little Bobby Tables all grown up 😢

[–] [email protected] 12 points 2 days ago (1 children)

What's the second one do?

[–] [email protected] 25 points 2 days ago* (last edited 2 days ago) (2 children)

Bypassing authentication or checks by incorporating a statement that always returns true, and doing an 'or' operation with the statement being injected. It manipulates the return value of the SQL statement to make it always return true, so if the website is checking if the statement returned true to indicate, for example, the password is correct, it will now think that was the case.

[–] [email protected] 2 points 20 hours ago (1 children)

So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?

[–] [email protected] 3 points 20 hours ago

IDK I didn't think that much into it lol

[–] wise_pancake 5 points 1 day ago (1 children)

I remember the first time I shipped a website with that SQL injection.

It got taken over surprisingly quickly.

[–] [email protected] 4 points 20 hours ago* (last edited 20 hours ago) (1 children)

Crackers work hard.

Edit: Wait, does that mean you did it again? Haha.

[–] wise_pancake 2 points 18 hours ago* (last edited 18 hours ago)

I just wiped the DB and put it back online again.

I did fix it, but had to rewrite a lot of the PHP backend, which took a couple days.

And yes, I did release another website with SQL injection... It was a personal website for my brother and the pagination was vulnerable. I had written a simple CMS for it, but Instead of a password I just generated an obscure URL with completely open access to edit the DB directly.

The pagination got hacked but I fixed it pretty quickly (by checking the page number was in fact a number).

Surprisingly the CMS never got hacked before I moved him over to WordPress.

Younger me learned a lot of web dev lessons the hard way.

ETA: This was all when I was a teen and I had nobody in my life to teach me these things. I was self taught from a PHP book from the library.