Entertaining little story
Posted: Sun Jul 19, 2009 3:38 pm
Hey all,
Something rather entertaining happened over the last few days and I thought you lot would appreciate its amusingness.
I was on a freelancing site, collecting simple pay-the-bills-because-some-tit-bought-a-server work, and I found a simple little job to correct some security vulnerabilities with some software. A piece of software for running mp3.com/soundclick style sites had various issues, including being able to run Blind-SQL Injections in URLs, being able to use direct SQL-injections on forms and being able to upload scripts and then activate them using the "upload a profile picture" option.
I was awarded the work based on my feedback and bid amount, and asked for access to the server on which it was installed. The client was unwilling to offer this, and sent me a zip file on which to alter the files instead.
They were a huge mess, and I found them a pain in the arse to read, let alone fix. But trawling through I fixed all the "$username=$_GET['username']" errors and use of $_GET stuff in SQL Queries without escaping or sanitisation of any sort one at a time. The files were a joke, using multiple references to $_GET['variable'] instead of just defining things and then referring to the variables by name.
I fixed the upload issues, but suggested also putting in place some changes to htaccess and file perms to make doubly sure, and this is when things got weird.
The guy said he didn't know how to do that, and I offered to make the changes myself for a few extra pounds, thinking that it would help him, and I'd get better feedback. He flat out refused, which confused me. I tried to explain and again he refused. I marked the work as complete and left it, receiving another message a few days later:
"Ok, truth now. I am the general manager of [softwarehousename] and I need this software fixing so I can sell it. Will you help?"
This guy had me patching holes in awful software with the intention of creating a release candidate from it. I always thought I'd work that kind of thing out.
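For anyone curious what the two bug classes in the post look like side by side, here is an added illustration (not code from the software in the story or from the poster): the raw `$_GET` value dropped straight into a query, the same lookup done with a bound parameter, and a profile-picture upload handler that decides by file content rather than by the client's filename. It assumes a hypothetical `users` table with a `username` column, an existing PDO connection in `$pdo`, and a storage directory outside the web root.

```php
<?php
// Added illustration, not the software from the post. Assumes a "users" table
// with a "username" column, a PDO connection in $pdo, and a store directory
// that the web server does not serve or execute from.

// BEFORE (the pattern described in the post): the raw query-string value is
// interpolated straight into SQL, so the statement's structure is user-controlled.
function find_user_vulnerable(PDO $pdo, array $get): array
{
    $username = $get['username'];
    $sql = "SELECT id, username, bio FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: read the input once, validate it against the format the application
// actually expects, and bind it as a parameter so it can never alter the
// structure of the statement.
function find_user_fixed(PDO $pdo, array $get): array
{
    $username = $get['username'] ?? '';
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $username)) {
        return [];  // reject unexpected input instead of trying to "escape" it
    }
    $stmt = $pdo->prepare('SELECT id, username, bio FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Profile-picture upload: accept only real image data (checked by magic bytes,
// not by the client-supplied name or MIME type), store it under a server-chosen
// name with a fixed extension, and never inside a directory that executes scripts.
function store_profile_picture(array $file, string $storeDir): ?string
{
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $type = exif_imagetype($file['tmp_name']);
    if ($type === false || !isset($allowed[$type])) {
        return null;
    }
    $dest = $storeDir . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$type];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);  // readable, never executable
    return $dest;
}
```

The htaccess and permission changes the poster suggested are the belt to this code's braces: with uploads outside the document root and script execution disabled there, a bypass of the content check still cannot be turned into a running script.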