![[ t ]](/images/structural/icon_twitter.gif){kind=icon}
Don't click it, that would be wrong...
This link runs a slooow SQL query on the RIAA’s server. Don’t click it; that would be wrong.
Found on reddit.com. I clicked it, just out of curiosity. It pulled a press-releases index page. I don’t know how someone knows it’s slow.
Comments
Looks like SQL injection if you look at the URL. The "news year filter" parameter is presumably just supposed to have a year but someone must think that it will execute the SQL at the end:
"2007%20UNION%20ALL%20SELECT%20BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20--"
It was a very long running query before someone used the same vulnerability to delete their CMS's entire database. Read the comments on the reddit thread.
Oh, great. So I unwittingly tried to hack the RIAA? The link was a TinyUrl -- I should have known better. Nice.
Men in dark suits and sunglasses should be showing up anytime now...
Comments are Closed
Thanks to all who participated.
- Why Ad Blocking Kinda Sucks by Dave, 3 hours, 48 minutes ago
- Nation Shudders At Large Block Of Uninterrupted Text by Anonymous, 5 hours, 19 minutes ago
- Nation Shudders At Large Block Of Uninterrupted Text by Anonymous, 5 hours, 20 minutes ago
- Joel Spolsky on Twitter by Mark, 8 hours, 53 minutes ago
- Joel Spolsky on Twitter by Doug D, 4 days, 15 hours ago
- Show 5 more »
- No Money for Email at the FBI by Deane in 2006
- The Flickering Ghosts of Pac-man by Deane in 2006
- The Atari Landfill Rumor by Deane in 2005
- Jeff Bezos and his Spaceport by Deane in 2005
- Unintentionally Spamming Search Terms by Deane in 2003
- Show 0 more »