If [Bobby Tables] Had His Own Company…


Sometimes along comes a tech story that diverges from our usual hardware subject matter yet which just begs to be shared with you because we think you will find it interesting and entertaining.

XKCD 327, Exploits of a Mom (CC BY-NC 2.5).
XKCD 327, Exploits of a Mom (CC BY-NC 2.5).

You will no doubt be familiar with the XKCD cartoon number 327, entitled “Exploits of a Mom”, but familiarly referred to as “[Bobby Tables]”. In it a teacher is ringing the mother of little [Robert’); DROP TABLE Students; –], whose name has caused the loss of a year’s student records due to a badly sanitized database input. We’ve all raised a chuckle at it, and the joke has appeared in other places such as an improbably long car license plate designed to erase speeding tickets.

It's nice to see that Companies House sanitise their database inputs.
It’s nice to see that Companies House sanitise their database inputs.

Today we have a new twist on the Bobby Tables gag, for someone has registered a British company with the name  “; DROP TABLE “COMPANIES”;– LTD“. Amusingly the people at Companies House have allowed the registration to proceed, so either they get the joke too or they are unaware of the nuances of a basic SQL exploit. It’s likely that if this name leaves Her Majesty’s civil servants with egg on their faces it’ll be swiftly withdrawn, so if that turns out to be the case then at least we’ve preserved it with a screenshot.

Of course, the chances of such a simple and well-known exploit having any effect is minimal. There will always be poor software out there somewhere  that contains badly sanitized inputs, but we would hope that a vulnerability more suited to 1996 would be vanishingly rare in 2016.

If by some chance you haven’t encountered it before we’d recommend you read about database input sanitization, someday it may save you from an embarrassing bit of code. Meanwhile we salute the owner and creator of this new company for giving us a laugh, and wish them every success in their venture.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *