
    Obscure code hell and a security hole for a bus

    It would be nice to be able to say "only joking" about this code; however, this code was live, on the internet. Spot the bus-sized security hole.

    The code sample is color coded because I needed to demonstrate to some non-techies what a mess things were, and showing them the language mish-mash like this worked well. Sorry if you only have a narrow screen; I didn't fancy trying to word-wrap it ...

    Answer to the security hole below:

    Key:
    JSP - Server-side scripting language
    HTML - Client display layout
    Java - Server-side programming language
    JavaScript - Client scripting language
    SQL - Database programming language
    CSS - Client display style

    Code:

    ...
    <script>
    function saveSnippet(controlname) {
    var myvalue = document.all[controlname].value;
    mysql = "update mgruat.conf_component set <%=locale%>='"+cleanvalue(myvalue)+"' where id="+(controlname.substring(5));
    processQueue(mysql);
    document.all[controlname].style.backgroundColor="#ffffff";
    }
    </script>
    ...
    <%for (int i = 0; i < queryResult.length; i++) { %>
    ...
    <TD width="10"><INPUT style="width:300px;" onfocus="spansave<%=queryResult[i][0]%>.style.visibility='visible';this.style.background='#ffffcc'" value="<%=codedResult%>" type="Text" name="value<%=queryResult[i][0]%>"></TD>
    <TD><span id="spansave<%=queryResult[i][0]%>" style="visibility:hidden;"><NOBR><a href='javascript:;' onclick='spansave<%=queryResult[i][0]%>.style.visibility="hidden";saveSnippet("value<%=queryResult[i][0]%>")'><img src="/contenteditor/icons/save.gif" width="18" height="18" alt="" border="0" align="absmiddle"/> save</a></NOBR></span></TD>
    ...
    <%} %>
    ...
    ...

    It's not there any more ;-P.

    Digging the project out of this hole is what inspired me to write DWR.

    Curious about the security hole? The answer is in white on a white background below; select the text to view it:

    The SQL is embedded in the JavaScript rather than in the Java, so the function it is passed to (processQueue) sends the finished statement from the browser back to the server for execution. The server runs whatever SQL text arrives, so altering the statement to 'DROP DATABASE' is rather easy.
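    As an added illustration (not code from the original post, nor from DWR), this Node.js sketch draws the trust boundary the snippet above gets wrong: the browser sends only structured fields, and a server-side handler chooses the SQL, checks the locale column against an allowlist and binds the value as a parameter. The names buildSaveRequest, saveSnippetOnServer and ALLOWED_LOCALES are hypothetical, and the locale list is a constructed sample.

```javascript
// Added example, not the page's code. In the vulnerable snippet the browser
// builds the whole UPDATE statement and processQueue() ships it to the server,
// so the client-side cleanvalue() escaping is beside the point: whoever holds
// the browser controls the statement, not merely one value inside it.

// Client side (hardened): send structured fields only. No SQL leaves the browser.
function buildSaveRequest(controlname, value) {
  // The page's controls are named "value<id>"; recover the id the same way.
  const id = Number.parseInt(controlname.replace(/^value/, ''), 10);
  return { id, value };
}

// Server side (simulated): the server decides what SQL runs.
// Constructed sample allowlist; the real list would be the configured locales.
const ALLOWED_LOCALES = new Set(['en', 'fr', 'de']);

// sessionLocale comes from the authenticated session, never from the request body.
// The locale is spliced into an identifier (column) position, which bind
// placeholders cannot protect, hence the allowlist check. The value travels as
// a parameter, so quotes inside it are data rather than syntax (a
// PreparedStatement on the JSP side plays the same role).
function saveSnippetOnServer(sessionLocale, body) {
  if (!ALLOWED_LOCALES.has(sessionLocale)) {
    throw new Error('locale not permitted');
  }
  if (!Number.isInteger(body.id) || body.id < 0) {
    throw new Error('id must be a non-negative integer');
  }
  if (typeof body.value !== 'string' || body.value.length > 4000) {
    throw new Error('value must be a string of bounded length');
  }
  return {
    sql: `update mgruat.conf_component set ${sessionLocale} = ? where id = ?`,
    params: [body.value, body.id],
  };
}

// Usage: the browser-side request and the server-side decision, end to end.
const demoQuery = saveSnippetOnServer('en', buildSaveRequest('value42', "it's"));
```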

    Comments

    Rob Re: Obscure code hell and a security hole for a bus

    At my previous job, JSPs like that were a regular thing. It's amazing how those kinds of things were just developed because it's "always been done that way".

        Tom Hawtin Why?!

        What do you suppose goes through the mind of the programmer that so blatantly gives the client SQL? The only reason I can think of is that they don't give a toss, just so long as they can pass it off with the least personal effort. That attitude probably goes for the vast majority of programmers.

        Joe Walker Re: Obscure code hell and a security hole for a bus

        The strange thing is, I've met the programmer in question and he is a *very* smart bloke, and I'm fairly sure he knew exactly what he was doing.
        So here's an interesting perspective; I don't totally agree with it but it is worth noting:
        The programmer was under pressure to get a job done as quickly as possible, and (with the benefit of hindsight) correctly judged that no one would find the security hole. So he took a gamble (albeit a potentially costly one) and it paid off.