Learn More
Resend Email
81
Worst security bug/feature you've seen?
Week 25 Group Rant
doofy
7y

I've seen native SQL query in JavaScript sent to the backend to execute

undefined

wk25
Favorite
Ranter
Comments
  • 1
    7y
    Yeah, reasonable
  • 6
    7y
    What's the website? My friend Robert Tables wants to try it out.
  • 0
    7y
    @d4ng3r0u5 it is in a closed environment. Outside the local network is not accessible but when you work at there you can do whatever you want
  • 0
    7y
    @doofy if there is a network service/daemon running, it's accessible. I think we've figured that out the hard way, unfortunately.
  • 1
    7y
    @stable-penguin hmm, you are right! Sadly I cannot fix that now. I leaved that company a while ago :/
    I've told them to fix that when I left, but I don't know they did
  • 1
    7y
    @doofy I don't think there is a fix. Otherwise we wouldn't have massive data breaches even after companies and the USA have spent billions $$ on it.. maybe it's just a fact of life. Who knows. #TooDeepForMyMonday!
  • 2
    7y
    I've seen that running publicly, but with VBscript. oh, the horror
  • 1
    7y
    @doofy once you see it, you can't unsee it! 😂
  • 2
    7y
    What could possibly go wrong.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment