			Comments
		- 
				
				Intranets with SQL Injections? Amazing!
 
 Now you can grant yourself admin privileges and delete the guy who's on vacation from the system 😛
- 
				
				 SirVicco2306y @alexbrooklyn for a second I thought you gave me the best idea ever. Sadly this site is only for the repair system. No employee database in there. It's supposed to be a working tool.
- 
				
				 endor54476y Playing with this kind of stuff is fun and all, but be careful: if the wrong person finds out about this, you can get into a lot of legal trouble. And in that case, it won't matter that it was "urgent" or "just want to get the job done".
- 
				
				I love when you can put a * in an input field and you get returned everything the database has to offer 😄
- 
				
				sqlmap + burpproxy ftw.
 
 Have fun, but make sure no one actually reads the audit logs!
- 
				
				 SirVicco2306y @endor Yeah. Now I fear that maybe there wasn't only the location to change. I hope the regular way was close to what I did.
- 
				
				 SirVicco2306y @SanitizedOutput No. But as I said there was an urge to get this radio repaired as the people who ordered the repair come get it tomorrow and will use it quite instantly.
 
 Tbh that was also a lot of curiosity as I learned about this recently.
- 
				
				 SirVicco2306y UPDATE !!!
 
 Workplace got a call from the IT center. I had to say I did it...
 
 The admin saw this quite instantly. He said I should have called him because I forgot to change something like "last editing time" and stuff.
 
 "So you're actually ok with the injections ??"
 
 "No, but I prefer telling you what you missed than telling the big boss and ruin your life"
 
 Good Guy Admin !!!




I learned recently that you can inject SQL lines in some fields like Passwords or usernames on some websites. (Hacky hacky)
At work there is this intra website that is used to manage the parts of the radios and computers we repair.
Each piece has a specific number, and there is a tree with every piece for each radio/computer.
When we get to repair one, we gotta change the pieces virtually on the website. Sadly sometimes, the virtual pieces aren't marked like they followed the whole Radio from the place they come to the place we repair (we need it to replace the piece). People are just not doing their job, so we have to send emails and call for them to do it so we can repair it. (This is already fucked up.)
Today, I had to replace a piece, but it was marked like it's not there. I called the guy, and it seems like he is on a vacation for weeks. My superior was super annoyed due to the urge of this task.
Guess who managed to change the _mainlocation_ of the _piece_ in the _radiopieces_ table. (Not actual names, you malicious cunt)
I spent 3 hours looking for the name of the fields and table. I don't know how many times I had to refresh the damn page to see I failed once again.
Hopefully I didn't have to guess all of them. Also the joy when I realised I succeeded !!!
No one bats an eye, and I'm here, feeling infinitely superior, as I might get punished for wanting to do my job.
I know it's basic moves to some of you, but damn it felt good.
Conclusion: Do what you have to, especially when it takes 5 minutes and people need it.
rant
morons
sql
intranet
hacking
sql injection
hack
radio frequency