Comments on: Android executes everything you type http://hackaday.com/2008/11/09/android-executes-everything-you-type/ Fresh hacks every day Wed, 25 Nov 2009 17:45:18 +0000 http://wordpress.com/ hourly 1 By: cde http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50233 cde Mon, 10 Nov 2008 20:38:46 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50233 @mrlipring Credit where credit is due -_- http://xkcd.com/327/ @mrlipring
Credit where credit is due -_-

http://xkcd.com/327/

]]> By: mrlipring http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50231 mrlipring Mon, 10 Nov 2008 19:54:11 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50231 Reminds me of this: School: Did you really name your son Robert'); Drop Table Students;--? Mom: Oh. Yes. Little Bobby Tables we call him School: Well, we've lost this year's student records. I hope you're happy. Mom: and I hope you've learned to sanitize your database inputs. Reminds me of this:

School: Did you really name your son Robert’); Drop Table Students;–?
Mom: Oh. Yes. Little Bobby Tables we call him
School: Well, we’ve lost this year’s student records. I hope you’re happy.
Mom: and I hope you’ve learned to sanitize your database inputs.

]]> By: PocketBrain http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50183 PocketBrain Mon, 10 Nov 2008 15:12:51 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50183 Reminds me of a friend from college who had to use a pseudonym to shop at Service Merchandise (they had a terminal entry supply system that shoppers could use). His last name was "Cancel". Seriously. His orders would get canceled (no surprise) when submitted. Reminds me of a friend from college who had to use a pseudonym to shop at Service Merchandise (they had a terminal entry supply system that shoppers could use). His last name was “Cancel”. Seriously. His orders would get canceled (no surprise) when submitted.

]]> By: Anne H http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50099 Anne H Mon, 10 Nov 2008 03:20:07 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50099 This reminds me of an early issue with Dow Jones News Retrieval Quotes during the dial-up dials. I don't recall which company had the ticker symbol "DISC" back then, but if you had it in your portfolio and requeted the quote, their service hung up. It was understood as DISConnect. This reminds me of an early issue with Dow Jones News Retrieval Quotes during the dial-up dials. I don’t recall which company had the ticker symbol “DISC” back then, but if you had it in your portfolio and requeted the quote, their service hung up. It was understood as DISConnect.

]]> By: jaduncan http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50070 jaduncan Sun, 09 Nov 2008 23:04:16 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50070 The SUID problem on telnet is then presumably not a SUID problem. User account types it, telnetd fails to create the port. However, the background root service starts it. For further fun of this type, merely enter "rm -rf /" as the user and wait for the phone to turn off by itself! The SUID problem on telnet is then presumably not a SUID problem. User account types it, telnetd fails to create the port. However, the background root service starts it. For further fun of this type, merely enter “rm -rf /” as the user and wait for the phone to turn off by itself!

]]> By: macegr http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50067 macegr Sun, 09 Nov 2008 22:32:45 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50067 I'm having difficulty figuring out how this could have been set up accidentally. It must have been used to run some commands in the early tests before the user interface was completely finished. I’m having difficulty figuring out how this could have been set up accidentally. It must have been used to run some commands in the early tests before the user interface was completely finished.

]]> By: herbicide http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50066 herbicide Sun, 09 Nov 2008 22:29:34 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50066 That's a definite oops. That’s a definite oops.

]]> By: Sean http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50064 Sean Sun, 09 Nov 2008 21:52:51 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50064 wow... how could that be missed? that is certainly one enormous design flaw. wow… how could that be missed? that is certainly one enormous design flaw.

]]> By: PocketBrain http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50060 PocketBrain Sun, 09 Nov 2008 21:20:20 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50060 How did _that_ one get by the dev team? Just think of the power you have... to accidentally screw things up. Maybe it was a debug feature that was supposed to be closed up and wasn't. How did _that_ one get by the dev team? Just think of the power you have… to accidentally screw things up. Maybe it was a debug feature that was supposed to be closed up and wasn’t.

]]> By: TheBlunderbuss http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50057 TheBlunderbuss Sun, 09 Nov 2008 21:01:49 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50057 It's not a bug either! It’s not a bug either!

]]> By: therian http://hackaday.com/2008/11/09/android-executes-everything-you-type/comment-page-1/#comment-50052 therian Sun, 09 Nov 2008 20:50:23 +0000 http://hackadaycom.wordpress.com/?p=5660#comment-50052 this is not a but, it is a feature :) this is not a but, it is a feature :)

]]>