this post was submitted on 04 Apr 2024
969 points (97.5% liked)

Programmer Humor

19623 readers
2719 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] Kerb@discuss.tchncs.de 37 points 7 months ago* (last edited 7 months ago) (1 children)

its an sql injection attack.
its rather unlikely that it works in a modern app.

assuming this would work,
it injects a command in the sql database.

it is assumed that the app runs a sql querry with the input field as a parameter e.g.
INSERT INTO "bills" (item, ammount, tip) VALUES ("steak", "20,00 $", "content of the custom tip goes here");

the semicolon indicates the end of the querry,
so the the text would cause the app to run an unfinished querry, and then start a new querry that messes up the content of the bills table.

[–] some_guy@lemmy.sdf.org 14 points 7 months ago (1 children)
[–] RavenFellBlade@startrek.website 4 points 7 months ago

Is that Bobby?