This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 11 years ago.
I am visiting a site and I mistakenly entered a single quote while I was trying to hit the enter key.
The URL that got sent is: http://www.domain.tld/link.php?id=2603' (censored :) )
Resulting in the following response from the site:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
I've tried to do: http://www.domain.tld/link.php?id=2603; SHOW TABLES; But that didn't work :P
So my question is: is this site vulnerable to SQL injection?
Most likely yes. Without getting into the details of how to perform an actual injection attack, you could try something like:
http://www.domain.tld/link.php?id=2603';malicious code --
Incidentally, I HIGHLY recommend that you not dink around with this too diligently. Accessing other computers in an unauthorized manner is against the law in the US and many other countries, and if you do something damaging, they can come after you. The best bet is to contact the site's owner and let them know exactly what you're seeing so that they can address the issue.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
I work for a company which handles some websites that have educational forms prospective students can fill out if they wish to be contacted by a college.
We have attempts coming in from two overseas countries, which are continually filling out and attempting to submit forms using ridiculously bogus information. The only possible outcome if these were to go through would be that the school would try to call them.
I cannot figure out how this could potentially benefit them, in any way shape or form. It seems like it's probably a bot, because they are inserting integers for first name, last name, and email address. I've even considered that some companies I've heard of boost their site traffic unethically by having people (or bots) falsely cause hits on their pages, etc. I don't think that's the case here but I'm not sure.
This isn't my project, but someone mentioned it to me and I found it intriguing. What possible benefit would a bot or hacker have from doing this? Each attempt has been unsuccessful but even if it got through, what's the point? Did someone actually send a bot to try and spam educational websites where all you can do is submit an inquiry to a school? What's going on here, ideas?
My best guess is that it's a bot someone put out there and it's hitting our site by mistake. I don't get it, but I'm not a security ninja. I would love possible scenarios, preferably evidence/fact-based, not opinions if you can't back it up - nothing personal, it's just that I know these are the rules of Stack Overflow.
So if you have a fact-based hypothesis why this may be happening, I would love to understand the how/why...
I don't think that you will ever find any useful answer to your question, because there are lots of reasons that someone may do this. It may be "for fun", to increase Google ranking, or there may be personal "rivalries" between someone else and the company.
Well, you can at least see if the spam comes from an automated bot (if you can change the HTML/backend code), using the honeypot method, nested somewhere in the form. If the spam stops, it should be an automated spam bot, and most likely you should consider it as random spam; otherwise someone may have created a spam script for your site, and they may do it for fun or for other purposes.
P.S. : Do not use ReCaptcha, as some bots can break it.
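A server-side sketch of the honeypot test this answer describes, as an added example that is not part of the original post. The hidden field name `website` and the sample submissions are constructed; the digits-only check mirrors the integer-filled names reported in the question.

```python
import re

HONEYPOT_FIELD = "website"   # hypothetical field, hidden from humans with CSS
NAME_FIELDS = ("first_name", "last_name")
DIGITS_ONLY = re.compile(r"^\d+$")
EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def triage(form):
    """Return the reasons a submission looks bogus (empty list = looks human)."""
    reasons = []
    # A human never sees the honeypot field, so any value in it came from a script.
    if form.get(HONEYPOT_FIELD, "").strip():
        reasons.append("honeypot_filled")
    for field in NAME_FIELDS:
        if DIGITS_ONLY.match(form.get(field, "").strip()):
            reasons.append(field + "_numeric")
    if not EMAIL_SHAPE.match(form.get("email", "").strip()):
        reasons.append("email_malformed")
    return reasons

def classify(form):
    """Apply the answer's reasoning: honeypot hit = generic form-filling bot;
    bogus data that avoids the honeypot = script written for this site, or manual."""
    reasons = triage(form)
    if "honeypot_filled" in reasons:
        return "generic_bot"
    if reasons:
        return "targeted_or_manual"
    return "ok"

# Constructed sample submissions (not real traffic).
SAMPLES = [
    {"first_name": "Ana", "last_name": "Lopez",
     "email": "ana@example.org", "website": ""},
    {"first_name": "48213", "last_name": "99120",
     "email": "77310", "website": "http://spam.example"},
    {"first_name": "5551", "last_name": "2047",
     "email": "9931", "website": ""},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), triage(sample))
```

Rejected submissions should be logged with their reasons rather than silently dropped, so the ratio of `generic_bot` to `targeted_or_manual` can be tracked over time.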
It's most likely a bot attempting SQL injection.
How does the SQL injection from the "Bobby Tables" XKCD comic work?
The bot isn't trying to insert data into your database. It is trying to maliciously craft responses so that it can retrieve data from your database, or perhaps just delete all of it.
You need to make sure that all your SQL queries are properly escaped to prevent request data from the bot modifying database queries to work in unintended ways.
If you provide some examples of the requests, StackOverflow will be able to tell you exactly what's going on.
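Why the stray quote in the first question on this page produced a database syntax error, and the fix this answer asks for, as an added example that is not part of the original posts. It uses Python's `sqlite3` as a stand-in for the site's PHP/MySQL stack, and the `links` table and its row are constructed.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT)")
    db.execute("INSERT INTO links VALUES (2603, 'https://example.org/page')")
    return db

def lookup_concatenated(db, raw_id):
    """Vulnerable pattern: the request value becomes part of the SQL text,
    and the database error is echoed back to the visitor."""
    sql = "SELECT url FROM links WHERE id = " + raw_id
    try:
        return db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Echoing the driver error is what revealed the problem on the site.
        return "SQL error: " + str(exc)

def lookup_parameterized(db, raw_id):
    """Hardened pattern: validate the expected type, then bind the value.
    A bound value is always data and never changes the query's structure."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None  # reject quietly; log server-side instead of echoing details
    return db.execute(
        "SELECT url FROM links WHERE id = ?", (int(raw_id),)
    ).fetchone()

if __name__ == "__main__":
    db = make_db()
    for value in ("2603", "2603'"):
        print(repr(value), "concatenated  ->", lookup_concatenated(db, value))
        print(repr(value), "parameterized ->", lookup_parameterized(db, value))
```

In PHP the same fix is a prepared statement with a bound parameter (PDO or mysqli), with database errors written to the server log rather than the response.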
Closed 9 years ago.
All of a sudden I've found my Google contacts-integrated web app failing to make straightforward calls to the server.
I haven't changed a stitch of oAuth code in months but all of a sudden I can't connect or make calls on existing tokens.
The return is mostly garbage but in the header I'm getting a 401 - Unauthorized and in the body you have:
Error
401
(Client Error)!!1
That's an error.
There was an error in your request.
That's all we know.
I've since tried to run a few calls in the oAuth 2.0 Playground and experienced similar behaviour. Anyone else seeing this?
I've JUST seen this thread from a month ago: Google Contacts Data Api 401 error
The docs have been restored however.
GOOGLE DEVS: Any insight on this matter is MUCH APPRECIATED ASAP.
Closed 9 years ago.
My Facebook applications started to fail for apparently no reason. I keep getting this error when trying to load the application: Error 324 net::ERR_EMPTY_RESPONSE.
I have a valid SSL certificate, and the application code is pretty basic and right (I've even tested an empty application and it still doesn't work). Everything seems to be OK, but the truth is that it fails to work now.
One important thing is that when I access the application outside Facebook it works, and maybe something is cached, making it work the next time I try to access it through Facebook. If I clear the cache it fails to work again.
Checking the server logs, I see no connection attempt by Facebook. I don't know if it's something related to the Apache server.
Any help would be appreciated.
Solved.
It was a problem with Apache. We just recompiled it (cPanel EasyApache) and it works now.
Closed 9 years ago.
I have an iOS app where I upload objects to an Amazon S3 bucket and want to retrieve from CloudFront distribution.
I am using CloudFront with private distributions for my Amazon S3 bucket, and when I generate a signed URL it does not work; in Safari it returns AccessDenied AccessDenied and some random alphanumeric string. My signed URL I just generated (expiration date in 24 hours) -- should be expired by now
I read the following site to get all my security credentials in place, and I have also set up a private distribution with my S3 bucket by reading the documentation, and I have set up the trusted signers, which is basically just my account
I have used code from this site to generate the signed URL
But again I have had absolutely no luck, when I put the link in Safari it returns AccessDeniedAccessDenied and some random alphanumeric string. Why? Any problem? Any step I am not following?
Thanks for any help! I appreciate it, this is important for me as I need to create an app where CloudFront would be very important for speed and international distribution...
Thanks everyone for upvoting, I figured out my problem. I didn't follow the step of creating an access origin identity. Now it works like a charm. Woohoo!
Closed 11 years ago.
I keep getting rejected by Apple because of a "library not loaded" error every time I submit my app. (More detail can be found in my previous question here.)
I couldn't find any usage of the library in question except in a test project that was in no way linked to my production project. So it makes me think the library isn't actually required, yet when I do a build it's somehow making its way into the .app file.
Is it possible for me to tell from the output what external libraries are required to run it?
I would trash my Distribution build setup from targets and create a new one cloning it from a trusted Ad Hoc build setup.
If the Ad Hoc works and has been tested, it should not cause any problem as a Distribution setup (just remember to remove the entitlements and change the provisioning profiles).