Life isn't easy if your last name is 'Null' as it still breaks database entries the world over
-
This post did not contain any content.
/me changes name to
'); DROP TABLE STUDENTS; --. -
/me changes name to
'); DROP TABLE STUDENTS; --.Dammit, Bobby!
-
This post did not contain any content.
I’ve been doing web development for something like 20 years now and I just can’t imagine how shitty your backend is if this is an issue.
-
I’ve been doing web development for something like 20 years now and I just can’t imagine how shitty your backend is if this is an issue.
This was my thought as well, sanitize your inputs! Are they not quoting/casting to string before input?
-
This was my thought as well, sanitize your inputs! Are they not quoting/casting to string before input?
Unless you’re coding from scratch it’s hard to not do this with any modern framework.
-
This post did not contain any content.
My academic advisor in college was named Null
Even I kept running into trouble because the system thought I didn't have a registered advisor.
-
/me changes name to
'); DROP TABLE STUDENTS; --.Oh. Yes. Little Bobby Tables, we call him.
-
Unless you’re coding from scratch it’s hard to not do this with any modern framework.
Legacy systems still handle more traffic than modern ones, I’d wager
-
Unless you’re coding from scratch it’s hard to not do this with any modern framework.
Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones
-
My academic advisor in college was named Null
Even I kept running into trouble because the system thought I didn't have a registered advisor.
I have never seen this happen, and I don't know what tools would confuse the string "null" with NULL. From the comments in this thread, there are evidently more terribly programmed systems than I imagined.
-
I have never seen this happen, and I don't know what tools would confuse the string "null" with NULL. From the comments in this thread, there are evidently more terribly programmed systems than I imagined.
I'm pretty sure at least some of the university's systems were designed by students.
-
This post did not contain any content.
Knew a guy who had the license plate ‘NULL’ and he was telling me how he never got a toll bill or red light ticket.
-
Knew a guy who had the license plate ‘NULL’ and he was telling me how he never got a toll bill or red light ticket.
The article talks about a guy with a “NULL” license plate who gets tons of tickets for things he didn’t do so probably not the best plan
-
Unless you’re coding from scratch it’s hard to not do this with any modern framework.
A couple years ago I wanted to write a simple website with SQL injection vulnerability, so I could demonstrate sqlmap to someone
It was surprisingly difficult (and every fiber in my body screamed)
-
This post did not contain any content.
How about XÆa-12? Asking for a friend.
-
Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones
Wordpress is a sin against mankind.
-
Wordpress is a sin against mankind.
Yet here we are, it and the plugins handle too much of my daily traffic. It’s easy to dismiss the piss poor coding, but is done at our peril.
Everyone of us has personal data stored in those God awful plugins, in their thousands of basic security holes
-
The article talks about a guy with a “NULL” license plate who gets tons of tickets for things he didn’t do so probably not the best plan
Yep. For the curious, any time a license plate photo couldn’t be fully read by the automated system, it was marked as “NULL” and he was flagged as the driver. So every single red light camera and speeding camera in the area was sending him to court every day.
-
I’ve been doing web development for something like 20 years now and I just can’t imagine how shitty your backend is if this is an issue.
It happened to a friend who wasn't passing in the proper types into their stored procedures, all strings, and "null" (not case sensitive) conflicted with actual null values. Everything in the web interface were strings, and so was null.
For some people it takes this mistake before they learn to always care about the data types you're passing in.
-
I have never seen this happen, and I don't know what tools would confuse the string "null" with NULL. From the comments in this thread, there are evidently more terribly programmed systems than I imagined.
Shit happens, mistakes are sometimes made. Valve once had code that could delete your entire drive.
