Hacker News new | past | comments | ask | show | jobs | submit login

Yep it's clearly the access logger, but it's database password got changed by the attacker.



The other day an editor at work was complaining that a link they added only worked when visited directly, not when clicked. It turned out the target site had an access logger that synchronously downloaded the referring page, got its title, and then attempted to insert the title into its DB - without escaping it of course. Our post linking to the target site had an apostrophe in its title...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: