32
jimmeh
8y

'; DROP TABLE users --

Comments
  • 4
    Try it with email or password or something that's more ignored for securing against sql injection :P I've seen pages that had secured input from content, but with a single registration you could send the whole thing to hell.

    Don't kill devRant, what would we do in work/school then? :(
  • 3
    @KeyWeeUsr I wasn't trying to do anything. I added all the tags when I wrote the rant. It was meant more as a joke.

    Future reference, other fields, but also a lot of URL's aren't secured when they contain search parameters, like a rant id ;)

    But I've heard the "rant id" is actually a hash, so @dfox and crew are already safeguarding a lot. That's why I felt comfortable giving the above a shot without fear of actually doing harm.
  • 7
    As long as he didn't drop the rants table we're good ^^
  • 2
    @jimmeh I just find funny to write such a sentence. It's kind of expected to secure the page/app against such things if you invite devs to fool around. Don't worry, you aren't the first, nor the last who posted a rant or a profile with similar sql :D Actually, this is probably the third rant specifically about dropping users table. :P
  • 0
    @KeyWeeUsr I guess I don't get points for originality 🤗. Like I said, it was just funny. I would hope I'd your entire community is for developers, you secure your shit.
  • 1
    i love doing sql injection / xss tests mainly because if i find one i mess with other people using that environment e.g. i have a really arrogant grinning emoji i inject through an iframe so they know it was me
  • 0
    But devRant uses neo4j! Not sure if they also use a relational db.
Add Comment