Don't click it, that would be wrong...

Jan 20

Don't click it, that would be wrong...

This link runs a slooow SQL query on the RIAA’s server. Don’t click it; that would be wrong.

Found on reddit.com. I clicked it, just out of curiosity. It pulled a press-releases index page. I don’t know how someone knows it’s slow.

by Deane January 20, 2008 5:02 PM

Comments

by Josh, January 20, 2008 6:56 PM

Looks like SQL injection if you look at the URL. The "news year filter" parameter is presumably just supposed to have a year but someone must think that it will execute the SQL at the end:

"2007%20UNION%20ALL%20SELECT%20BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20--"

by Dave, January 20, 2008 7:12 PM

It was a very long running query before someone used the same vulnerability to delete their CMS's entire database. Read the comments on the reddit thread.

by Deane, January 20, 2008 11:13 PM

Oh, great. So I unwittingly tried to hack the RIAA? The link was a TinyUrl -- I should have known better. Nice.

Men in dark suits and sunglasses should be showing up anytime now...

Add Comment

Want to advertise on this site? Contact FM.

Another Hurricane-Proof House by xav, 6 hours, 9 minutes ago
Ubuntu: Apple Threat? by Sunny, 14 hours, 48 minutes ago
The 12-Year-Old Spy by Lohikan, 18 hours, 23 minutes ago
They Want It That Way by Brian & Monica, 1 day, 3 hours ago
Taipei 101: World's Tallest by bleh, 1 day, 18 hours ago
Do Anonymous Domain Registration Outfits Actually Work? by Andy, 2 days, 8 hours ago
The O.C. Video Game by blah blah blah=], 2 days, 9 hours ago
Net Disaster by amichai, 2 days, 10 hours ago
The 12-Year-Old Spy by Tech, 2 days, 23 hours ago
MaxMind's Geo-Location Service by Steve, 3 days, 2 hours ago
Show 5 more »

Highlighting HTML Markup Errors by Deane in 2007
My Documents, Your Documents by Dave in 2007
What's that big spikey thing... by Deane in 2005
Seriously About VR by Deane in 2005
James Bond and Flash 8 by Deane in 2005
Geographically Targeted Banner Ads by Rob in 2004
Google Desktop Search Released by Deane in 2004
China Gets the Bronze! by Keith in 2003
Google and Trackbacks by Deane in 2003
Seemingly Useless Keys Explained by Deane in 2003
Running a Mac in a PC World by Deane in 2003
The 10 Best Intranets of 2003 by Deane in 2003
Seeing Daredevil-Style by Deane in 2003
Feed Discovery Markup Language by Deane in 2003
Legos: The Original Geek Toy by Deane in 2003
EMC Buys Documentum by Deane in 2003
The Ultimate Interface by Dave in 2003
The New Look (and Sound) of Libraries by Deane in 2003
Show 13 more »

Web Hosting Web hosting, dedicated servers and Web design services

Laser Toner Cartridges UK laser toner, toner cartridges, hp toner, lexmark toner, samsung toner, canon, toner, epson toner, oki toner, kyocera toner, xerox toner, remanufactured toner, compatible toner

Direct TV Deals Free 4 room direct tv deals. no equipment to buy. free fast professional direct tv installation. this is the best direct tv deal available anywhere.

SEO Article Learn from the experts with our SEO article.

rope light Shopping with birddog distributing, inc., gives you access to the lowest prices, the best customer service and the quickest delivery times possible.

Laptop AC Adapter We offer genuine factory direct replacement AC adapters.

Direct TV Best satellite TV deals.

Direct TV Deals Direct TV programming deals are varied and include packages containing from 50 channels up to over 250 channels.

8mm film to DVD Retain family memories with the only frame by frame digital restoration service in the United States for your 8mm film to DVD today

Rubber Stamp Shop for custom self-inking stamps, hand stamps, address stamps, label stamps, check endorsement stamps, check deposit stamps, date stamps, pre inks, pocket stamps, ink and much more!

Gadgetopia