hahahahahahahahahahahahaha
http://www.securityfocus.com/news/307
Printable View
hahahahahahahahahahahahaha
http://www.securityfocus.com/news/307
Couldn't ahve happend to more deserving folks...
surprised?
no
Quote:
surprised?
no
/me chuckles...
Serve's em right. Especially after posting here on this thread...
/me chuckles again...then walks away calmly...
[P.S. - Scroll up and view the link :p]
Figures..... If you use IIS, You will get burned!!!
:zap:
That's too funny...having written dozens and dozens of scripts that call the shell (or system calls), I should know that when you have something like a 'search' function, you do NOT trust ANYTHING they would put in. This is also followed to a T when concerning forms on web pages. Never ever ever trust the user when concerning input data. If you had told sysadms 15 years ago that they would be making web servers where people they never knew would be putting data in fields that was parsed by various scripts on their server, they'd have laughed in your face.
Do I think the person who wrote the script should be canned? Hell yeah, you do NOT **** up like that when concerning customer data. Well, maybe written up a few times... I do realize **** happens, but that's just bad form.
This may be true for IIS' inherent bugs and such but this issue at hand was a scripting error, problematic to the programmer, not IIS.Quote:
Figures..... If you use IIS, You will get burned!!!
Quote:
Now that's pretty funny - not a surprise though.