[quote user="joe.edwards"]So, has anybody tried directory traversal?[/quote]
They append a .PDF at the end of the filename, so it's not a trivial case of that attack; you'd need to get a bit creative here.
[quote user="morbiuswilters"]// snip pile of quotes
Oh, they live.
You just have to have a fresh supply to deal with turnover.[/quote]
Just like the developers for some software companies I've dealt with...
Mud grass horses are beautiful animals
This reminds me of a thing that once happened to me, but it wasn't worth making a topic just for it:
The disk image was recorded successfully because an error occurred. Failure in recording because the unit returned an error without chance of recovery.
And before anyone asks, yeah, the disk (ubuntu installer) worked ...
[quote user="Steve The Cynic"]memsetting a pointer to all-zeros (in particular, the standards do not impose a requirement that such a pointer is NULL, see e.g. AS/400)[/quote]
I remember someone on this forum running into a problem with Nvidia's CUDA related to this, in which valid pointers could point to 0.
[quote user="blakeyrat"]Ironically I believed every word until I hit this.[/quote] You truly know the human potential for disaster, my friend.
It was a hot, humid Sunday afternoon. Far too hot for summer; yet, it was still spring. My relational algebra/calculus/SQL teacher sent us an email, saying he was sick and that we would have a substitute teacher come in the next morning. It was an old friend of the teacher, a man who held a high position in an African university, teaching theory ...
[quote user="Zecc"]That's fixed formatting? I wish I had seen the original.[/quote]
Trust me, you don't.
I also just realized that it doesn't need to include the aux.php file, but let's be sincere, that's like dumping sand on the beach, if a beach was made of horrible code. And reeks of copy-paste.
This is the entirety of a file named "deletebd.php" (Yes, they even misspelled db in the filename):
$query= new connection();
$id = mysql_real_escape_string($_GET['id']);
$table = ...
I still can't believe I found this inside the HTML code of the first post:
<br style="font-family:arial,sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;orphans:2;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;" ...