![[ t ]](/images/structural/icon_twitter.gif){kind=icon}
Don't click it, that would be wrong...
This link runs a slooow SQL query on the RIAA’s server. Don’t click it; that would be wrong.
Found on reddit.com. I clicked it, just out of curiosity. It pulled a press-releases index page. I don’t know how someone knows it’s slow.
Follow Gadgetopia on Twitter
Comments
Looks like SQL injection if you look at the URL. The "news year filter" parameter is presumably just supposed to have a year but someone must think that it will execute the SQL at the end:
"2007%20UNION%20ALL%20SELECT%20BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20--"
It was a very long running query before someone used the same vulnerability to delete their CMS's entire database. Read the comments on the reddit thread.
Oh, great. So I unwittingly tried to hack the RIAA? The link was a TinyUrl -- I should have known better. Nice.
Men in dark suits and sunglasses should be showing up anytime now...
Add Comment
- Duplicate Line by Ahmad, 10 hours, 41 minutes ago
- Tim on Web 2.0 and Trademarks by vwzkgnngovj, 1 day, 6 hours ago
- Bucket Wheel Excavators by random facts guy, 1 day, 12 hours ago
- Easy JavaScript Autocomplete / Intellisense Script by f.u, 1 day, 17 hours ago
- Tim on Web 2.0 and Trademarks by Termorelax, 1 day, 18 hours ago
- Show 5 more »
- PHPBB Password Analysis by Deane in 2009
- Yahoo Pipes by Deane in 2007
- URL Keyword Test by Deane in 2007
- The March to Vista is On by Deane in 2007
- iTunes U by Deane in 2007
- Show 11 more »
