At 4:38 PM -0400 7/19/08, Robert Cummings wrote:
On Sat, 2008-07-19 at 16:31 -0400, tedd wrote:
> No problem -- I had the data backed-up anyway. I figured that someone
> would do what you did and I was ready for it -- it was easy enough to
> fix.
-snip-
What do you mean backed up? I just replaced the filler data on the page
with some filler JavaScript that basically did the following:
<script>document.body.innerHTML = 'Rob was here';</script>
I didn't do anything to your server files. It was easily remedied by
loading the page with JavaScript disabled.
I hope you didn't think I tainted your filesystem. I wouldn't do that
even as a joke.
Well, that's not what happened. All the data shown here --
http://www.webbytedd.com/a/easy-page-db/
-- is pulled directly from my database.
When you put:
<script>document.body.innerHTML = 'Rob was here';</script>
into the first paragraph and filled the remaining paragraphs with
large hunks of text and clicked "save", all the previous data was
replaced with your additions. Everything I had there was gone.
When I inspected the dB, the only data there was yours.
Fortunately, I had created a sql dump before showing this page to
anyone because I knew that whatever anyone put into that page would
go directly into my dB -- so I expected some changes. I just had not
expected such a large change nor someone placing code in it.
As you can imagine, it could have been a lot worse for me -- so
thanks for enlightening me as to the hazards of leaving something that
insecure open for inspection.
No harm done.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
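
The situation described in this thread (visitor text saved straight into the database and shown back as page markup) next to the usual fix, as an added example that is not tedd's code. The in-memory SQLite table `paragraphs`, the five-slot limit, the size cap and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the page's database: in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE paragraphs (slot INTEGER PRIMARY KEY, body TEXT NOT NULL)');

const MAX_BODY_BYTES = 2000; // assumed cap on the size of one paragraph

// Store visitor text as data: bound parameters, a size cap, a fixed slot range.
function saveParagraph(PDO $db, int $slot, string $body): bool
{
    if ($slot < 1 || $slot > 5 || strlen($body) > MAX_BODY_BYTES) {
        return false;
    }
    $stmt = $db->prepare('REPLACE INTO paragraphs (slot, body) VALUES (:slot, :body)');
    return $stmt->execute([':slot' => $slot, ':body' => $body]);
}

// Unsafe: stored text is emitted as markup, so a saved <script> runs for every visitor.
function renderRaw(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT body FROM paragraphs ORDER BY slot') as $row) {
        $html .= '<p>' . $row['body'] . "</p>\n";
    }
    return $html;
}

// Hardened: encode on output so the browser displays the text instead of executing it.
function renderEscaped(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT body FROM paragraphs ORDER BY slot') as $row) {
        $body = htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<p>' . $body . "</p>\n";
    }
    return $html;
}

// The string quoted in the thread, saved into the first paragraph.
saveParagraph($db, 1, "<script>document.body.innerHTML = 'Rob was here';</script>");
saveParagraph($db, 2, 'Ordinary filler text.');

echo "--- raw ---\n", renderRaw($db);
echo "--- escaped ---\n", renderEscaped($db);
```

Output encoding only stops the stored script from running; keeping visitors from replacing the existing rows still needs an access check in front of the save step.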