I’ve recently come across a site that doesn’t sanitize their input. I have two options:
- Email the administrative contact for the domain name
- Drop their tables (╯°□°)╯︵ ┻━┻
I’m going to go with option 1 because I’m not a complete jerk. I do hope the user accessing the database with this input has read-only permissions, though. I can’t be the only one to have discovered the exploit.
SQL injection is actually a really interesting exploit because it’s such an easy trap to fall into. I might set up an intentionally vulnerable PHP website just so I can mess around with what’s possible given the different types of permissions you can give the server-side MySQL user. Fortunately, when I was learning PHP and MySQL in middle school from Spoono.com, I was taught that this exploit exists and how to sanitize your input. I really wish I did have a cool “oh I was stupid and my tables got dropped and now I learned my lesson” story, but I don’t.
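An added example, not code from the original post: it shows the concatenation trap next to a bound parameter, and what a read-only database user does and does not protect. It assumes an in-memory SQLite database with a constructed `users` table standing in for the MySQL server, and `PRAGMA query_only` standing in for a MySQL account granted only `SELECT`; all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the MySQL server.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn

def lookup_concatenated(conn, name):
    # The trap: input is pasted into the SQL text, so a quote in `name`
    # closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, name):
    # The fix: the driver binds `name` as a value; it is never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]

def make_read_only(conn):
    # Assumption: stand-in for a database account limited to SELECT.
    conn.execute("PRAGMA query_only = ON")
    return conn

def try_drop(conn):
    # Returns True if the destructive statement was allowed to run.
    try:
        conn.execute("DROP TABLE users")
        return True
    except sqlite3.OperationalError:
        return False

if __name__ == "__main__":
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    db = make_db()
    print("concatenated :", lookup_concatenated(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    ro = make_read_only(make_db())
    print("drop allowed on read-only connection:", try_drop(ro))
    print("read-only, still concatenated:", lookup_concatenated(ro, crafted))
```

The read-only connection refuses the `DROP`, but the concatenated query still returns every row, so restricted permissions limit damage without replacing bound parameters.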
