[Tfug] I got a real funny here...needs to stay in TFUG...

Freeman, Don dfreeman at pagnet.org
Fri Jul 1 08:12:25 MST 2011


I think we would also have to know which database was involved since
different databases handle logical trues differently.

From: tfug-bounces at tfug.org [mailto:tfug-bounces at tfug.org] On Behalf Of
keith smith
Sent: Friday, July 01, 2011 7:59 AM
To: Tucson Free Unix Group
Subject: Re: [Tfug] I got a real funny here...needs to stay in TFUG...

If it is a straight insert then the name would have to resolve to TRUE, not
just be the text value "true". If the field is quoted and the data field is
of a text variant, then the insert string would have to contain some value
that the data engine would convert to true or 1 before storing the value as
text.

This is very interesting since it is a voter's name and I'm guessing either
the name was scanned in or someone had to type it in.

Can you show us the insert so we can see what it could possibly be?

------------------------
Keith Smith

--- On Thu, 6/30/11, Jim March <1.jim.march at gmail.com> wrote:


From: Jim March <1.jim.march at gmail.com>
Subject: Re: [Tfug] I got a real funny here...needs to stay in TFUG...
To: "Tucson Free Unix Group" <tfug at tfug.org>
Date: Thursday, June 30, 2011, 8:47 PM

God.  Nobody gets it yet?

The family name involved: True

Now think about how that would get turned into "1".

Yeah.  It's accepting program code in the data fields.  So you could
do an SQL injection attack with a paper and pen: just fill out a fake
voter registration form for "Little Bobby Tables"...

:)

Jim

On Thu, Jun 30, 2011 at 8:36 PM, Dennis McCormick
<macsinitial65haus at gmail.com> wrote:
> On Thu, Jun 30, 2011 at 8:23 PM, Adrian <choprboy at dakotacom.net> wrote:
>> On Thursday 30 June 2011 18:47, Jim March wrote:
>>> Somewhat OT, but still computer security related.
>>>
>>> OK, so there's this electronic voter registration system out there.
>>> Won't say which until the report goes public.  Ain't used in AZ so
>>> don't freak out on me :).
>>>
>>> Somebody I know who monitors elections went through the voter
>>> registration lists and found a small number of cases where the
>>> person's last name was listed as "1".  Yeah.  Just the number one, no
>>> quotes.
>>>
>>> It turned out all of those people (most unrelated to each other) had
>>> the same last name.
>>>
>>> Care to guess what it was?
>>>
>>
>>
>> O'Malley? O'Rielly? O'...
>>
>>
>>
>> Adrian
>>
>>
> How about Juan?
>
> Dennis
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
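
The "straight insert" case discussed in this thread, as an added example that is not part of the original messages and is not code from the system Jim describes. It assumes SQLite 3.23.0 or later (where TRUE is a keyword) through Python's sqlite3 module; the table name, column name and sample names are constructed for illustration, and other databases may treat the bare word differently.

```python
import sqlite3

# Constructed sample input: last names as they might be keyed in from a form.
SAMPLE_NAMES = ["Smith", "True", "O'Malley"]


def new_db():
    # Hypothetical schema; the real system's schema is not shown in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE voters (last_name TEXT)")
    return db


def insert_unsafe(db, name):
    # Vulnerable pattern: the value is pasted into the statement unquoted,
    # so the SQL parser, not the application, decides what it means.
    try:
        db.execute("INSERT INTO voters (last_name) VALUES (%s)" % name)
        return "stored"
    except sqlite3.Error:
        return "rejected"


def insert_safe(db, name):
    # Hardened pattern: the value travels as a bound parameter and is
    # never parsed as SQL, so "True" stays the four-letter string.
    db.execute("INSERT INTO voters (last_name) VALUES (?)", (name,))
    return "stored"


def run(insert):
    # Returns (per-name outcome, what the table actually holds afterwards).
    db = new_db()
    outcomes = [insert(db, name) for name in SAMPLE_NAMES]
    rows = db.execute("SELECT last_name FROM voters ORDER BY rowid")
    return outcomes, [row[0] for row in rows]


if __name__ == "__main__":
    for fn in (insert_unsafe, insert_safe):
        print(fn.__name__, run(fn))
```

With the unquoted insert, only the name that happens to be valid SQL gets through, and it is stored as the text "1"; the bound-parameter version stores all three names unchanged.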
