Reminds me of Bobby Tables

http://bobby-tables.com/

:)

Sent from my BlackBerry® smartphone

-----Original Message-----
From: Hasan Abu Bakar <ha...@kelate.com.my>
Date: Mon, 26 Apr 2010 13:49:35 
To: <osdcmy-list@googlegroups.com>
Subject: Re: [osdcmy-public] Goverment web services

it was a silly story..but I am gonna share it anyway

Once upon a time, it was end of semester after a final examination at
UiTM Kampus Terengganu. I had nothing to do so I play around study
room to get access to the internet for chat, light internet browsing
and a little curious about hacking (it's my interest btw).

So I browsed a few sites like milw0rm and such to get some information
about web apps and flaws. So I found this simple mssql+asp injection
to bypass admin login.

' or 1=1 --

So I went to a page to check exam result. (I forgot the link..it was
changed btw). I put "admin" as username and ' or 1=1 -- as password

BAMM! I got into admin page! WTF? At first, I don't believe it because
I think it might be sort of honeypot or something like that (I don't
think they were this clever) so I was playing around with it. I can
see other's logins (lecturer's username and password) in PLAIN
TEXT...so I try these logins and sure they are valid.

So I get nasty. Too many things on my mind, because I can see my
result...too way early than anybody else and I got 3 C!!...and hit my
CGPA so bad....and you know what I did...it's silly. I changed my
grade..plain easy and plain stupid. The admin found out later because
the grades on system were not in sync with on papers.

' or 1=1 -- => change grade => kantoi => get suspended for 2 semesters

so for the moral, PLEASE DON'T PLAY WITH STUPID SYSTEM. IT WILL HARM
YOU REAL BAD

and I will remember these magic characters till I die ' or 1=1 --

...i was nice because I didn't drop the database :)


Hasanuddin Abu Bakar
-------------------------------
Ubuntu embedded developer/tester
https://wiki.ubuntu.com/bizkut

Get FireGPG for your Firefox! http://getfiregpg.org

PGP Public Key 
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xC5A1B11965D43C5C
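
Added example (not part of the original message, and not the code of the system it describes): the login bypass from the story next to a hardened check, using a bound parameter and a salted hash instead of a plaintext password column. In-memory SQLite stands in for MSSQL here, and the table, function names and sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "' or 1=1 --"                    # the string quoted in the message above
SAMPLE_PASSWORD = "constructed-sample-pw"  # constructed test value


def _hash(password, salt):
    # Salted, slow hash; only this is stored by the hardened design.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db():
    # Constructed data: in-memory SQLite standing in for the MSSQL table.
    # The plaintext column exists only to reproduce the "before" behaviour.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", SAMPLE_PASSWORD, salt, _hash(SAMPLE_PASSWORD, salt)))
    return db


def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text: a quote in it closes the string
    # literal, "or 1=1" makes the WHERE clause true, "--" comments out the rest.
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return db.execute(sql).fetchone() is not None


def login_hardened(db, username, password):
    # Bound parameter: the driver sends the input as data, never as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Compare salted hashes in constant time; no plaintext is read.
    return hmac.compare_digest(_hash(password, row[0]), row[1])


if __name__ == "__main__":
    db = make_db()
    for pw in (PAYLOAD, "wrong-guess", SAMPLE_PASSWORD):
        print(repr(pw), login_vulnerable(db, "admin", pw),
              login_hardened(db, "admin", pw))
```
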



On Mon, Apr 26, 2010 at 1:13 PM, CL Chow <klrkdek...@gmail.com> wrote:
> IE5 lol
> Regards,
> CL Chow
> "Please do not send me Microsoft Office/Apple iWork documents. Send
> OpenDocument instead! http://fsf.org/campaigns/opendocument/"
>
>
>
>
> On Mon, Apr 26, 2010 at 1:12 PM, Boh Yap <bhy...@gmail.com> wrote:
>>
>> care to elaborate on your story, I'm sure we'll all like to hear.
>> and how/why should they be ruining your life?
>>
>> yeah they are still using stupid MS technology...
>> (I clicked on the link and it asked me to use IE)
>>
>> Perhaps we can use this thread/forum to share stories of how
>> bad/stupid IT implementations are ... in gov/private sector?
>>
>> I'm sure we all have plenty.
>>
>> And use this to leverage the benefits of FOSS.
>>
>>
>> On Mon, Apr 26, 2010 at 11:59 AM, Hasan Abu Bakar <ha...@kelate.com.my>
>> wrote:
>> > http://iapps.uitm.edu.my/epengambilanstaf/
>> >
>> > STUPID
>> >
>> > I once get suspended for 2 semesters because of "hacking" their 20
>> > years old mssql servers and now keep ruining my life. WTF
>> >
>> >
>> >
>> > Hasanuddin Abu Bakar
>> > -------------------------------
>> > Ubuntu embedded developer/tester
>> > https://wiki.ubuntu.com/bizkut
>> >
>> > Get FireGPG for your Firefox! http://getfiregpg.org
>> >
>> > PGP Public Key
>> > http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xC5A1B11965D43C5C
>> >
>> >
>> >
>> > On Mon, Apr 12, 2010 at 11:29 PM, CL Chow <klrkdek...@gmail.com> wrote:
>> >> 2-3 years is new??? a 2-3year old kid can walk, talk already...
>> >> what we have here??? few more years to wait??? few more years to
>> >> plan???
>> >> then, the plan got old and need few more years to update and it
>> >> loops...
>> >> that's what i've been seeing for all these years!!!
>> >> quit blaming the education, blaming the industry, blaming the
>> >> quality and
>> >> blaming the graduates anymore!!!
>> >> why can't we just stop, and do them seriously??? and i still don't
>> >> understand why we needed to be locked inside the box, always!!!
>> >> we need more innovations than implementations!!!
>> >> btw I wanted to say this out loud for so long already... I'm enough of
>> >> the
>> >> government's crappy browsers support(some still ie 5!!!), crappy web
>> >> design,
>> >> and basically and frankly, they are crap!!!
>> >> If you wondering who am I? Yes!!! I am a nobody, but I did try to work
>> >> something out, regardless of failures, why should we afraid to lose???
>> >> that's why we call "experience" !!! Wake up please!!! Bah!!!
>> >> Thank you!!!
>> >> Regards,
>> >> CL Chow
>> >> "Please do not send me Microsoft Office/Apple iWork documents. Send
>> >> OpenDocument instead! http://fsf.org/campaigns/opendocument/"
>> >>
>> >>
>> >>
>> >>
>> >> On Mon, Apr 12, 2010 at 3:27 PM, Muhammad Najmi Ahmad Zabidi
>> >> <najmi.zab...@gmail.com> wrote:
>> >>>
>> >>> On Mon, Apr 12, 2010 at 3:23 PM, Umarzuki Mochlis <umarz...@gmail.com>
>> >>> wrote:
>> >>> >
>> >>> >
>> >>> > On Mon, Apr 12, 2010 at 3:19 PM, Hasan Abu Bakar
>> >>> > <ha...@kelate.com.my>
>> >>> > wrote:
>> >>> >>
>> >>> >> At NHK Japan http://www.nhk.or.jp
>> >>> >> All technical persons are engineers (bachelor degree and above)
>> >>> >> with
>> >>> >> certificates CCNA, RHCE etc.. (without unrelated jobs scope and
>> >>> >> tasks). Theoretically there are no technician (diploma equivalent).
>> >>> >> So I don't know why OUR government agencies can't do this, still
>> >>> >> hire
>> >>> >> diploma/degree person without skill even to do a simple w3c
>> >>> >> compliant
>> >>> >> website. Guys, just learn Joomla or Drupal then we don't have to
>> >>> >> waste
>> >>> >> our time to discuss  these things.
>> >>> >>
>> >>> >
>> >>> > that is going to be a revolution if that happening here in Malaysia.
>> >>> > In
>> >>> > a
>> >>> > revolution, there were massacres involved.
>> >>>
>> >>>
>> >>> I don't think the problem of degree is the main culprit. They just
>> >>> don't concern with the fundamental stuffs.
>> >>> Met several people who don't even graduate, or graduate with non IT
>> >>> degree, but perform better than the CS/IT grads.
>> >>>
>> >>> Anyway I blame the recruitment process. They should call competent
>> >>> technical people to hire PSM/F grade ppl.
>> >>>
>> >>> --
>> >>> Join Open Source Developers Club Malaysia http://www.osdc.my/
>> >>>
>> >>> Facebook Fan page
>> >>>
>> >>> http://www.facebook.com/group.php?gid=98685301577
>> >>>
>> >>> http://www.facebook.com/OSDC.my
>> >>>
>> >>> You received this message because you are subscribed to the Google
>> >>>
>> >>> Groups "OSDC.my Mailing List" group.
>> >>> To post to this group, send email to osdcmy-list@googlegroups.com
>> >>> To unsubscribe from this group, send email to
>> >>> osdcmy-list+unsubscr...@googlegroups.com
>> >>> For more options, visit this group at
>> >>> http://groups.google.com/group/osdcmy-list?hl=en
>> >>>
>> >>> To unsubscribe, reply using "remove me" as the subject.
>>
>>
>>
>> --
>> #-------
>> regds,
>>
>> Boh Heong, Yap
>>
>
