Little Bobby Tables

We’re fans of haveibeenpwned.com around here, but a weird story came across my proverbial desk this week — [Troy Hunt] wrote a malicious SQL injection into one of their emails! That attack string was a simple ';--

Wait, doesn’t that look familiar? You remember the header on the haveibeenpwned web page? Yeah, it’s ';--have i been pwned?. It’s a clever in-joke about SQL injection that’s part of the company’s brand. An automated announcement was sent out to a company that happened to use the GLPI service desk software. That company, which shall not be named for reasons that are about to become obvious, was running a slightly out-of-date install of GLPI. That email generated an automated support ticket, which started out with the magic collection of symbols. When a tech self-assigned the ticket, the SQL injection bug was triggered, and their entire ticket database was wiped out. The story ends happily, thanks to a good backup, and the company learned a valuable lesson. Continue reading “This Week In Security: HaveIBeenPwned And Facebook Attack Their Customers” →

Hackaday

little bobby tables

1 Articles

This Week In Security: HaveIBeenPwned And Facebook Attack Their Customers

Search

Never miss a hack

If you missed it

MXM: Powerful, Misused, Hackable

VCF East 2024 Was Bigger And Better Than Ever

Microsoft Killed My Favorite Keyboard, And I’m Mad About It

Remembering Peter Higgs And The Gravity Of His Contributions To Physics

Chandra X-ray Observatory Threatened By Budget Cuts

Our Columns

Hackaday Podcast Episode 267: Metal Casting, Plasma Cutting, And A Spicy 555

This Week In Security: Putty Keys, Libarchive, And Palo Alto

Human-Interfacing Devices: HID Over I2C

Fail Of The Week: Can An Ultrasonic Cleaner Remove Bubbles From Resin?

Linux Fu: Stupid Systemd Tricks

Search

Never miss a hack

Subscribe

If you missed it

Our Columns