Friday, June 17, 2011

Fear the deadly typo!

Being a huge music fan, as well as a big fan of the Bonaroo music festival, I really enjoyed all of the updates posted to the official Bonaroo Facebook page during the festival. Surprisingly enough, accidentally "fat fingering" a single quote while attempting to copy and paste a link to one of their recent blog postings presented me with the following error.

As you can see in the above image, I attempted to contact the bonaroo.com webmaster about this obviously exploitable SQL Injection bug, but to no avail. I guess the lesson here is that if you are going to write insecure code, at least remember to turn off detailed error reporting in a production environment. D'oh!
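
The lesson above as a small runnable sketch, added here as an example and not the site's actual code (its stack is not shown in the post): a stray quote breaks a concatenated query, while a bound parameter and a generic error page keep both the bug and the detail away from visitors. The `posts` table, the slug value, and all function names are assumptions made for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("blog")

def make_db():
    # Constructed sample data standing in for a blog's post table (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (slug TEXT PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO posts VALUES ('day-one-recap', 'Day One Recap')")
    return db

def lookup_concatenated(db, slug):
    # Before: the URL value is pasted into the SQL text, so a stray quote
    # changes the statement itself and the driver raises a syntax error.
    return db.execute("SELECT title FROM posts WHERE slug = '" + slug + "'").fetchone()

def lookup_parameterized(db, slug):
    # After: the value is bound as data; a quote is just another character.
    return db.execute("SELECT title FROM posts WHERE slug = ?", (slug,)).fetchone()

def handle_request(db, slug, lookup, debug=False):
    """Return (status, body) the way a page handler would."""
    try:
        row = lookup(db, slug)
    except sqlite3.Error as exc:
        # Full detail goes to the server log only.
        log.error("query failed for slug %r: %s", slug, exc)
        if debug:
            # Development-only behaviour: the kind of page the post describes.
            return 500, f"Database error: {exc}"
        return 500, "Something went wrong."
    if row is None:
        return 404, "Post not found."
    return 200, row[0]

if __name__ == "__main__":
    db = make_db()
    typo = "day-one-recap'"  # constructed link with an accidental trailing quote
    print(handle_request(db, typo, lookup_concatenated, debug=True))
    print(handle_request(db, typo, lookup_concatenated))
    print(handle_request(db, typo, lookup_parameterized))
```

Turning off `debug` only hides the symptom; the parameterized lookup is what removes the bug.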