Oh'yeah', lol, I forgot, I got into the c0nservative's website backend last night and posted a news story about how Thature is going on a Club 18-30s holiday in falaraki for her birthday.

( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 17:32, 2 replies, latest was 15 years ago)

Yeah, I managed to get in too.
Did you get a screencap? So overcome was I with excitement that I forgot to use a proxy, so my IP address is all over that bitch. Hopefully they'll be hunting down the 4chan haxxorz.
( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 17:33, Reply)

Have they fixed it now so it can't be accessed?

(lkjshaglkasjdhglkhjz lkcvl; g;aodh;owih, Sat 16 Oct 2010, 17:40, Reply)

Yeah, within about ten minutes of it appearing on /talk last night.
4chan ripped it to shreds and it was blocked soon after.
( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 17:52, Reply)

I would like to see some screengrabs but 4chan does my head in so won't head over there.

(lkjshaglkasjdhglkhjz lkcvl; g;aodh;owih, Sat 16 Oct 2010, 17:56, Reply)

I'd link you up but they're all 404 now.

( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:02, Reply)

Tee hee, ditto.
I doubt they'd be interested in us though. I believe, and I could be wrong here, they'd have to prove that me and you had something to profit out of it and that the one page we did each caused it to crash out.
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 18:06, Reply)

What went on here?

( Lampito rise with the moon, go to bed with the sun, Sat 16 Oct 2010, 18:03, Reply)

The conservatives.com server had a PHP script error which meant you could get into the admin page and fuck shit up.
Some people did, I'll check my cache, hang on. Edit: nah, all gone, sorry.
( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:08, Reply)

Sounds hilolrious.
I'll look on the news/"news" sites.
( Lampito rise with the moon, go to bed with the sun, Sat 16 Oct 2010, 18:17, Reply)

It was pretty low-key I think.
www.b3ta.com/talk/6993915
( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:18, Reply)

Woo anarchism!
Fight the power!
( girlinthehole, Sat 16 Oct 2010, 18:20, Reply)

i don't understand this computer lingo
so i'll just ask what you are all up to tonight?

i'm watching "the simpsons" then heading south of the river for dinner!

gonz, that there below has just proved my point!!!
( rachelswipe with a fork, Sat 16 Oct 2010, 18:22, Reply)

I'm going to sit at home and wait to be abducted by aliens.
IT WILL HAPPEN!
( girlinthehole, Sat 16 Oct 2010, 18:24, Reply)

No you won't. Clingons AREN'T REAL.

( JeffTheDogFucker Can you dig it?, Sat 16 Oct 2010, 18:30, Reply)

Klingons !!!

( girlinthehole, Sat 16 Oct 2010, 18:37, Reply)

You expect me to know?
More to the point, do you expect me to care?

I won't point out that 'Kilngons' aren't real either
( JeffTheDogFucker Can you dig it?, Sat 16 Oct 2010, 18:38, Reply)

SOTR FTW.
I'm probably going to lie in bed for a bit.
( Lampito rise with the moon, go to bed with the sun, Sat 16 Oct 2010, 18:30, Reply)

sotr??
why am i not down with the kidz any more?

edit - south of the river. i presumed it was something on tv or summat.

god i'm thick.

we're off to streatham, whereabouts be you then??
( rachelswipe with a fork, Sat 16 Oct 2010, 18:33, Reply)

I'm in Camberwell.
Ignore Al, he's just jealous he doesn't live here.
( Lampito rise with the moon, go to bed with the sun, Sat 16 Oct 2010, 18:42, Reply)

It's not even a code error, it's a bad coding practice. How it works (basicly) is like this.
$sql = "SELECT * FROM users WHERE (username='$username') AND (password = '$password);";

So that 'sql' script will look in a table (like a spreadsheet) called 'users' and select all the rows where the column 'username' is the same as the input ($username), and the column password = $password... and then return that row so you can do something with it.

By making the $username = 'admin', which is pretty standard (at least, shouldn't be, but is used a lot) is almost always there, it turns the script into

$sql = "SELECT * FROM users WHERE (username='admin') AND (password = '$password');";

By setting $password to ') OR ('1' = '1 means that it'll run

$sql = "SELECT * FROM users WHERE (username='admin') AND (password = '') OR ('1' = '1');";

So we're looking for where the username = 1, the password = 'blank' OR 1 = 1..... 1 always = 1 and so would return the row and allow the aurtherisation to take place.

For you geeks out there, I only know MySQL, which doesn't use the () on select statements, so I'm guessing that's the syntax for whatever database system they're using, maybe MS SQL? I donno, that bit is an estimate.
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 18:19, Reply)

*blank stare*

( girlinthehole, Sat 16 Oct 2010, 18:21, Reply)

-blinks-
Nope.
( Lampito rise with the moon, go to bed with the sun, Sat 16 Oct 2010, 18:26, Reply)

It's quite a common error then?

( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:23, Reply)

Used to be, not so much these days with frameworks that automaticlly build the statement.
For example, in my framework I've built, it'll do....

$table = "users";
$data = array('username' => $username, 'password' => $password);
$row = $core -> db -> select_row($table, $data);

'select_row' inside 'db' inside 'core' is a function that would build the sql statement, making sure that all everything in the $data array is Escaped. There are sevrel ways of doing this, but this is the most basic example that people might understand. Another one would be

$sql = $core -> -> db -> makeSQL("Select * from users where username = ? and password = ?", $username, $password);

Which would do something similar.

The bold stuff I would normally do a few things with it first, but a lot of people give that direct access to a database.

The vars and names are changed to protect the innocent.
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 18:31, Reply)

To be honest, it constantly amazes me that
someone with such a tenuous grip on the English language has such an eye for coding. This is more praise than criticism I'll admit.
( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:33, Reply)

It's makes more sense to me, code, rather than english.
Take this just as a brief example

"Jane has a cat, the cat was painted red. She threw it into a mirror until the mirror smashed"

// This is already created before this point normally
$mirror = new Object();
$cat = new Cat();
$jane = new User();
// This is the only bit I'd have to do really
while($user -> action('throw', array($cat,$mirror) ) !== $mirror->get('integraty') {
$mirror->set('integraty', 'smashed');
}

So with that, it'll tell the user to perform the action 'throw' the 'cat' into the 'mirror' until the mirror's var 'integraty' is smashed.... in this case, it would do it the once.

..... That doesn't quite make sense, but my brain deffo sees code better than english.

What I'm currently working on at work is 7gb worth of objects, views and stuff, so most of it is already written, but I have to find out exactly where it is, and make sure I don't over-write it. But in the same way if this was writting in english, I would have to find out who jane is, what a cat is and what a mirror is. In english, it's ovbouse what a mirror and cat is, and to me it is in code too, 'cus I can read it and know where to look to find it (almost like knowing the page numbers that describe the jane/mirror/cat).
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 18:44, Reply)

It sure impresses me.

( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:46, Reply)

The MVC stuff you're learning down there is seriously comercial'able stuff.
CodeIgnitor might be a better way to go about it though, you won't have to re-learn a lot, just a few core functions. I managed to learn the base of it inside a few days... it sounds like you wouldn't be too far off from me if you're already doing OOP.
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 19:01, Reply)

The sollution is using something called a "Real Escape String".
This puts a slash before the ' (so it would look like this

$sql = "SELECT * FROM users WHERE (username='admin') AND (password = '/') OR (/'1/' = /'1');";

So it would be looking for a password called ') OR ('1' = '1, and therefore wouldn't match up in the database, not return a row, and the page will say "Incorrect combination".
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 18:24, Reply)

Ah, the old Real Escape String escape.
*shakes head* *lights pipe* Classic.
( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:31, Reply)

If you wanna get into this sort of things in a comercially viable way, learn and use this....
codeigniter.com/

Almost _every_ job I applied for said that was a major factor. Another one to learn is something called jQuery for javascript. Both are amazing tools, I've built stuff inside days which would have taken months without it.
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 18:34, Reply)

I'm struggling to get my head around ModX at the moment
I think a sojourn into constructing PHP apps is a little out of my comfort zone =o)
( Noeli overtheshoulderboulderholderthingstraplatchboobs, Sat 16 Oct 2010, 18:36, Reply)

I just googled ModX, it's almost identical, in the respect that it's an MVC PHP system, but it looks more complicated.
They both use ActiveRecord syntax for database stuff though, which is cool.
( G/PP 💩💩💩💩💩&#128, Sat 16 Oct 2010, 18:46, Reply)