Simon Willison’s Weblog

Well bad if such attempts to hack the database work...

A little less bad if proper escaping of SQL parameters are actually done on query execution - but in that case, why even advertise such things to customers?

Peter Mescalchin - 14th May 2010 00:58 - #

omg

zomg - 14th May 2010 04:17 - #

Also when selecting your security questions, your first roommate shouldn't be named Robert'); DROP TABLE Customer;--

huxley - 14th May 2010 04:28 - #

Fortunately it looks like they're using it as a primitive spam or hacking filter, not that little Bobby Tables will ruin your finances. (If you're using those words, you're trying to mess with their system.)

Erik Vorhes - 14th May 2010 04:42 - #

I recognise this problem! I'm guessing they have mod_security for Apache installed and badly configured, and this is a workaround until they can get someone in to fix it.

Well, that explains the banned words, anyway. The apostrophe is far more worrying.

Yoz - 14th May 2010 10:03 - #

It might not be mod_security, while their main site runs Apache, the headers for signing up for a bank account report ASP.NET on IIS 6.

Hopefully still just a poorly configured security filter issue as opposed to a serious security chasm ...

huxley - 14th May 2010 16:53 - #

The correct way to handle Bobby Tables: http://bobby-tables.com/

Andy Lester - 14th May 2010 20:38 - #

Felt so hopeless lokonig for answers to my questions...until now.

Butterfly - 22nd September 2011 19:52 - #

Health articles I just want to thank you for pharmacy shop your information / turorial and your website or blog, this is a simple, but good article I have ever seen, I like it, I learned something today! Thanks!

evalon cream - 25th September 2011 17:39 - #

It's really great that people are sharing this infromtaoin.

Isabelle - 8th October 2011 22:38 - #

Yeah that's what I'm tkalnig about baby--nice work!

Boston - 10th October 2011 04:37 - #

A very nice post, thank you for this article as I learn something interesting Online Jobs

riya - 17th October 2011 07:25 - #

I will recommend my friends to read this. Bottes UGGI am quite sure they will UGG Pas Cher learn lots of new stuff here than anybody else!

ugg pas cher - 27th October 2011 03:33 - #

Just to demonstrate the Free DVD Ripperweight we should all attach to Underwood's statement, DVD Ripperthe Collins dictionary Video Converter has just added "hashbangs" to its new edition of the dictionary.

Video Converter - 28th October 2011 13:49 - #

Great post, and great website. Thanks for the information! affiliate network

affiliate network - 13th December 2011 07:57 - #

I think that thanks for the valuable information and insights you have so provided here.http://envyusmedia.com/content/about-envyusme dia/index.html

affiliate network - 13th December 2011 08:05 - #

I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article.hyaluronic acid benefits

hyaluronic acid benefits - 13th December 2011 10:23 - #

Thanks for the valuable information and insights you have so provided here... the best payday loans

the best payday loans - 14th December 2011 12:56 - #

This article gives the light in which we can observe the reality. This is very nice one and gives indepth information. Thanks for this nice article. bank rates cd

bank rates cd - 31st January 2012 15:14 - #

I am very happy to discover your post as it will become on top in my collection of favorite blogs to visit. watch bleach on iphone

watch bleach on iphone - 1st February 2012 13:41 - #

I would like to say that this blog really convinced me to do it! Thanks, very good post. promotional codes

promotional codes - 1st February 2012 15:28 - #