Hacker News new | comments | show | ask | jobs | submit login

curl -I www.reddit.com

    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    Server: '; DROP TABLE servertypes; --
    Date: Fri, 07 Dec 2012 10:30:26 GMT
    Connection: keep-alive



Haha, brilliant!


I don't get it - What am I missing?


    Server: '; DROP TABLE servertypes; --
It's a mysql injection. If someone was scraping headers and logging them and wasn't validating the input -- and their database was named "servertypes" -- it would delete the database.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: