Don’t click it, that would be wrong…

By Deane Barker on January 20, 2008

This link runs a slooow SQL query on the RIAA’s server. Don’t click it; that would be wrong.

Found on reddit.com. I clicked it, just out of curiosity. It pulled a press-releases index page. I don’t know how someone knows it’s slow.

Gadgetopia

Comments

  1. Looks like SQL injection if you look at the URL. The “news year filter” parameter is presumably just supposed to have a year but someone must think that it will execute the SQL at the end:

    “2007%20UNION%20ALL%20SELECT%20BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20--”

  2. It was a very long running query before someone used the same vulnerability to delete their CMS’s entire database. Read the comments on the reddit thread.

  3. Oh, great. So I unwittingly tried to hack the RIAA? The link was a TinyUrl — I should have known better. Nice.

    Men in dark suits and sunglasses should be showing up anytime now…
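The flaw the first comment describes, as an added example that is not code from the post or from the CMS in question: the year filter pasted straight into the SQL text, beside a hardened version that validates the parameter and binds it. It assumes a press-release table of constructed rows in an in-memory SQLite database; BENCHMARK is a MySQL function, so here the injected text simply fails once it reaches the engine, which is the point: the untrusted parameter was parsed as SQL at all.

```python
import re
import sqlite3
from urllib.parse import unquote

# Payload quoted in the first comment (URL-encoded, as it appeared in the link).
PAGE_PAYLOAD = ("2007%20UNION%20ALL%20SELECT%20BENCHMARK(100000000,MD5('asdf')),"
                "NULL,NULL,NULL,NULL%20--")

# Constructed rows standing in for the CMS's press-release table (assumed schema).
SAMPLE_ROWS = [
    (2006, "Label announces new signing"),
    (2007, "Annual report published"),
    (2007, "Lawsuit update"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE press_releases (year INTEGER, title TEXT)")
    conn.executemany("INSERT INTO press_releases VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def parse_year_filter(raw):
    """Return the year as an int only if the decoded parameter is exactly four
    digits in a plausible range; anything else (the payload above included)
    yields None."""
    value = unquote(raw).strip()
    if not re.fullmatch(r"\d{4}", value):
        return None
    year = int(value)
    return year if 1900 <= year <= 2100 else None


def vulnerable_query(conn, raw):
    # The flaw described in the comment: the decoded parameter is pasted into
    # the SQL text, so everything after the year is parsed as part of the statement.
    sql = "SELECT title FROM press_releases WHERE year = " + unquote(raw) + " ORDER BY title"
    return [row[0] for row in conn.execute(sql)]


def safe_query(conn, raw):
    # Validate first, then bind: the value can only be compared, never parsed.
    # A real handler would answer 400 here instead of returning an empty list.
    year = parse_year_filter(raw)
    if year is None:
        return []
    sql = "SELECT title FROM press_releases WHERE year = ? ORDER BY title"
    return [row[0] for row in conn.execute(sql, (year,))]
```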
