Really, they didn’t clean text on text fields allowing them to be read as code? That is basic stuff.
But, no... the hackers should be sued. It is one thing to expose vulnerabilities and inform the website of those vulnerabilities. It is another to steal customer data and try and sell/give it out to legit everyone. The hackers are evil evil people.
Is that really what happened? I would have at least assumed comp'ed cloud or data center people. So tired of our side taking L's due to our own retardation.
This has happened to many leftists companies too. They can learn from this and improve.
That's crazy. Salting passwords and shit is literally some of the easiest shit you can do that makes shit like this impossible
Looks like it was just that. From OP's comment:
"According to DDoSecrets' Best, the hacker says that they pulled out Gab's data via a SQL injection vulnerability in the site—a common web bug in which a text field on a site doesn't differentiate between a user's input and commands in the site's code, allowing a hacker to reach in and meddle with its backend SQL database."
WTF year is it? 2000? Did they write this shit in PHP?
PHP runs most websites. It's easy to sanitize user input. Whoever wrote Gab is an idiot.
Maybe they dropped a garage door pull while committing the crime.
Pretty sure they sanitize their inputs - that's base 101-level stuff these days.
Wouldn't it be a better catch-all solution to use prepared statements, rather than trying to think of the ways in which you need to clean the text?
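To make the point concrete, here is an added example (not code from the thread or from Gab) using Python's sqlite3 module against a constructed in-memory user table: the string-spliced query that the article describes, a quote-escaping "sanitizer" that only covers one case, and the bound-parameter version that covers both.

```python
import sqlite3


def make_db():
    # Constructed stand-in for a site's user table (not real data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def lookup_concat(conn, username):
    # Vulnerable: the input is spliced into the SQL text, so the parser
    # cannot tell where the data ends and the query resumes.
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_by_id_escaped(conn, user_id):
    # Brittle "cleaning": doubling single quotes handles the quoted-string
    # case above, but this column is unquoted, so there is no quote to break.
    cleaned = str(user_id).replace("'", "''")
    sql = f"SELECT username, email FROM users WHERE id = {cleaned}"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, column, value):
    # Prepared statement: the query shape is fixed at parse time and the value
    # is bound as data, whatever characters it contains. Column name is chosen
    # by the code from a fixed set, never from user input.
    assert column in ("username", "id")
    sql = f"SELECT username, email FROM users WHERE {column} = ?"
    return conn.execute(sql, (value,)).fetchall()


def demo():
    # Constructed inputs: one ordinary username, two classic textbook payloads.
    conn = make_db()
    return {
        "concat_benign": lookup_concat(conn, "alice"),
        "concat_hostile": lookup_concat(conn, "x' OR '1'='1"),
        "escaped_hostile": lookup_by_id_escaped(conn, "1 OR 1=1"),
        "prepared_name": lookup_prepared(conn, "username", "x' OR '1'='1"),
        "prepared_id": lookup_prepared(conn, "id", "1 OR 1=1"),
    }
```

Running demo() shows the concatenated and escaped lookups returning every row for the hostile inputs, while both prepared lookups return nothing because no row actually matches that literal value.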
"Please select a username from this list" "Please select a comment from this list" would be a pretty terrible social network.
"Please select a username" could work if it went like this: A row of alphanumeric drop-downs, like 12 of them with an option to add more by pressing the + button to the right. Then username gets chosen a single letter at a time. This concept would not be too popular for posting content in a forum or sending messages.