On Sat, 2008-07-19 at 17:17 -0400, tedd wrote:
> At 4:38 PM -0400 7/19/08, Robert Cummings wrote:
> >On Sat, 2008-07-19 at 16:31 -0400, tedd wrote:
> >> No problem -- I had the data backed-up anyway. I figured that someone
> >> would do what you did and I was ready for it -- it was easy enough to
> >> fix.
> 
> -snip-
> 
> >What do you mean backed up? I just replaced the filler data on the page
> >with some filler JavaScript that basically did the following:
> >
> ><script>document.body.innerHTML = 'Rob was here';</script>
> >
> >I didn't do anything to your server files. It was easily remedied by
> >loading the page with JavaScript disabled.
> >
> >I hope you didn't think I tainted your filesystem. I wouldn't do that
> >even as a joke.
> 
> Well, that's not what happened. All the data shown here --
> 
> http://www.webbytedd.com/a/easy-page-db/
> 
> -- is pulled directly from my database.
> 
> When you put:
> 
> <script>document.body.innerHTML = 'Rob was here';</script>
> 
> into the first paragraph and filled the remaining paragraphs with 
> large hunks of text and clicked "save", all the previous data was 
> replaced with your additions. Everything I had there was gone.
> 
> When I inspected the dB, the only data there was yours.

:)

> Fortunately, I had created a sql dump before showing this page to 
> anyone because I knew that whatever anyone put into that page, would 
> go directly into my dB -- so I expected some changes. I just had not 
> expected such a large change nor someone placing code in it.
> 
> As you can imagine, it could have been a lot worse for me -- so 
> thanks for enlightening me as to the hazards of leaving something that 
> insecure open for inspection.

Wasn't it just placeholder data? It looked like latin.

Cheers,
Rob.
-- 
http://www.interjinn.com
Application and Templating Framework for PHP


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
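What happened to tedd's page is a textbook stored XSS: a visitor's text went straight into the database and was printed back verbatim, so the `<script>` tag ran in every later visitor's browser until the page was loaded with JavaScript off. The following is an added example (not tedd's easy-page-db code, nor anything from interjinn) that reproduces the save-and-display cycle with an in-memory array standing in for the database table, and shows the unescaped rendering beside the escaped one. The `$submitted` rows, the `render_*` function names, and the use of UTF-8 are assumptions for illustration.

```php
<?php
// Added example, not the original page's code. Simulates a page that stores
// submitted paragraphs and prints them back, with an array in place of the
// real database table.

declare(strict_types=1);

// Constructed stand-in for the rows a visitor saved: the first "paragraph"
// is the script tag from the thread, the second is ordinary filler text.
$submitted = [
    "<script>document.body.innerHTML = 'Rob was here';</script>",
    "Lorem ipsum dolor sit amet.",
];

// Vulnerable rendering: stored text is echoed as-is, so any markup or
// <script> a visitor saved is executed in every later visitor's browser.
function render_unescaped(array $paragraphs): string
{
    $html = '';
    foreach ($paragraphs as $p) {
        $html .= '<p>' . $p . "</p>\n";
    }
    return $html;
}

// Hardened rendering: encode on output. htmlspecialchars() turns < > & " '
// into entities, so the browser shows the script tag as text instead of
// running it. ENT_QUOTES also covers attribute contexts; the charset argument
// must match the encoding the page is actually served in (assumed UTF-8).
function render_escaped(array $paragraphs): string
{
    $html = '';
    foreach ($paragraphs as $p) {
        $html .= '<p>'
            . htmlspecialchars($p, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "</p>\n";
    }
    return $html;
}

echo "--- vulnerable (script executes) ---\n", render_unescaped($submitted);
echo "--- escaped (script shown as text) ---\n", render_escaped($submitted);
```

Two caveats. First, escape at output time in the HTML context you are writing into; stripping tags on the way into the database is not a substitute, because the same text may later be emitted into an attribute, a JavaScript string, or a plain-text e-mail where the HTML rules do not apply. Second, output escaping only stops the script from running; it does nothing about the other problem tedd describes, that anyone who clicks "save" replaces every row in the table. That is an authorization problem, which needs a login or per-visitor sandboxing rather than escaping.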
