Don’t click it, that would be wrong…

By Deane Barker on January 20, 2008

This link runs a slooow SQL query on the RIAA’s server. Don’t click it; that would be wrong.

Found on reddit.com. I clicked it, just out of curiosity. It pulled a press-releases index page. I don’t know how someone knows it’s slow.

Gadgetopia

Comments

  1. Looks like SQL injection if you look at the URL. The “news year filter” parameter is presumably just supposed to have a year but someone must think that it will execute the SQL at the end:

    "2007%20UNION%20ALL%20SELECT%20BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20--"

  2. It was a very long running query before someone used the same vulnerability to delete their CMS’s entire database. Read the comments on the reddit thread.

  3. Oh, great. So I unwittingly tried to hack the RIAA? The link was a TinyUrl — I should have known better. Nice.

    Men in dark suits and sunglasses should be showing up anytime now…
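The first comment above identifies the problem: a "year" parameter is pasted straight into SQL, so a value carrying `UNION ALL SELECT BENCHMARK(...)` becomes part of the query and ties up the database. The following is an added example (not code from Gadgetopia, reddit, or the RIAA's CMS) showing the two defender-side pieces a site like that needs: strict validation plus a bound parameter so the year can only ever be a number, and a small log scanner that flags requests whose parameters carry SQL keywords or comment sequences. The parameter name `news_year_filter`, the request path, the press-release rows and the log lines are all constructed for the demonstration; only the payload string itself comes from the comment.

```python
import re
import sqlite3
from urllib.parse import parse_qs, unquote

# The URL-encoded value quoted in comment 1 (the apostrophes are percent-encoded here).
INJECTED_VALUE = (
    "2007%20UNION%20ALL%20SELECT%20BENCHMARK(100000000,MD5(%27asdf%27)),"
    "NULL,NULL,NULL,NULL%20--"
)

# A year filter has exactly one legitimate shape: four digits. Anything else is rejected.
YEAR_RE = re.compile(r"^(19|20)\d{2}$")


def validate_year(raw):
    """Return the year as an int if the decoded value is a bare four-digit year, else None."""
    value = unquote(raw).strip()
    if not YEAR_RE.match(value):
        return None
    return int(value)


def build_demo_db():
    """Constructed in-memory table standing in for the CMS press-release index."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE press_releases (id INTEGER PRIMARY KEY, year INTEGER, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO press_releases (year, title) VALUES (?, ?)",
        [(2007, "Q4 results"), (2007, "New licensing program"), (2006, "Annual report")],
    )
    return conn


def releases_for_year(conn, raw_year):
    """Safe lookup: validate first, then bind the value instead of concatenating it."""
    year = validate_year(raw_year)
    if year is None:
        return []  # the injected string never reaches the SQL engine
    rows = conn.execute(
        "SELECT title FROM press_releases WHERE year = ? ORDER BY id", (year,)
    ).fetchall()
    return [title for (title,) in rows]


# Detection side: SQL keywords, time-consuming functions, or comment markers inside a
# query-string parameter are a strong signal in web-server access logs.
SUSPICIOUS = re.compile(r"\b(UNION|SELECT|BENCHMARK|SLEEP)\b|--|/\*", re.IGNORECASE)


def flag_request(query_string):
    """Return the names of parameters whose decoded values look like SQL fragments."""
    hits = []
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        if any(SUSPICIOUS.search(v) for v in values):
            hits.append(name)
    return hits


REQUEST_RE = re.compile(r'^(\S+) .*"(?:GET|POST) (\S+) HTTP/')

# Constructed access-log lines; the path and client addresses are made up.
SAMPLE_LOG = [
    '10.0.0.1 - - [20/Jan/2008:10:00:00 -0600] "GET /news/index.php?news_year_filter=2007 HTTP/1.1" 200 5120',
    '10.0.0.2 - - [20/Jan/2008:10:00:05 -0600] "GET /news/index.php?news_year_filter='
    + INJECTED_VALUE + ' HTTP/1.1" 200 5120',
]


def scan_log(lines):
    """Yield (client, flagged parameter names) for every request that trips the detector."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        _, _, query = target.partition("?")
        flagged = flag_request(query)
        if flagged:
            findings.append((client, flagged))
    return findings


if __name__ == "__main__":
    conn = build_demo_db()
    print(releases_for_year(conn, "2007"))          # two 2007 titles
    print(releases_for_year(conn, INJECTED_VALUE))  # [] - rejected before any SQL runs
    print(scan_log(SAMPLE_LOG))                     # only the second request is flagged
```

The validator is deliberately a whitelist rather than a blacklist: the log scanner is useful for spotting what already hit the server, but the thing that actually prevents the slow query (or the database deletion mentioned in comment 2) is that the handler only ever binds an integer.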

Comments are closed. If you have something you really want to say, email editors@gadgetopia.com and we'll get it added for you.