|
"And remember, its "their", not thier"
Actually, it's "they're"
|
|
|
|
|
Whoops. I was too busy correcting her spelling to notice. Touche.
|
|
|
|
|
Grammar Nazis such as you are so annoying. While I agree, to an extend, that spelling is quite important if you are to be making a living as a recruiter, you forget that not everyone is native English speaker.
Even you, who obviously fancy yourself a speller, write :
Now run a long, little "associate" consultant, before you get yourself into trouble for your "charming" recruiting skills.
Maybe you meant to write:
Now run along, little "associate" consultant, before you get yourself in trouble for your "charming" recruitment skills.
That being said, I do share your frustration with this particular headhunter. You did a fine thing, emailing headquarters.
|
|
|
|
|
VentsyV wrote: Grammar Nazis such as you are so annoying. While I agree, to an extend, that spelling is quite important if you are to be making a living as a recruiter, you forget that not everyone is native English speaker.
I merely became a "Grammar Nazi" since I knew it would annoy the recruiter, and I'm also well aware that not everyone is a native English speaker. If it were any other circumstance, I probably wouldn't care how she wrote or spoke English. Since she crossed the line, however, the least she deserved was a good verbal bashing.
VentsyV wrote: That being said, I do share your frustration with this particular headhunter. You did a fine thing, emailing headquarters.
Thanks
|
|
|
|
|
I would have done the same. When I read the first few lines I thought it was some kind of joke and then it got worse.
|
|
|
|
|
Open this below link in Firefox and look at the top of the page!
click[^]
"hi, I am explorer.exe. sometimes when you are doing anything at all, I will just freeze for ten minutes. All of my brother and sister windows will also freeze, because they are sad for me. Maybe we will come back, maybe not, it will be a surprise!"
|
|
|
|
|
its in the HTML. Someone should really learn how to comment HTML correctly.
|
|
|
|
|
leppie wrote: Someone should really learn how to comment HTML correctly.
Yeah, it is not that hard
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
|
|
|
|
|
|
Sweet. SQL Injection attack anyone?
|
|
|
|
|
How? It's server side code being rendered to the client so there's no attack vector there.
cheers,
Chris Maunder
CodeProject.com : C++ MVP
|
|
|
|
|
Chris Maunder wrote: How? It's server side code being rendered to the client so there's no attack vector there.
True - but you've now seen the name of tables, and it's obvious that Stored Procs aren't being used. As soon as you find an input form, the attack surface has been opened up.
|
|
|
|
|
Not as bad as one I discovered recently: Database connection strings stored in a publicly accessible txt file coupled with request strings being completely unvalidated before being appended to various SQL queries. Had a call from the client one day asking if it was us that created the 'slartibartfast' table. It turned out to be some bloke on the other side of the world having a bit of fun. Reminds me of my favourite XKCD[^].
|
|
|
|
|
The question is, did they know who Slartibartfast was?
|
|
|
|
|
Can people be so dumb? I would not be surprised if they put the FTP credentials of the website as a comment in the index.html under the pretext of ease of maintenance.
Vasudevan Deepak Kumar
Personal Homepage Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
|
|
|
|
|
Pete O'Hanlon wrote: SQL Injection attack anyone?
Totally. Think of any good ones?
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
|
|
|
|
|
Paul Conrad wrote: Totally. Think of any good ones?
It does sound a bit "Capture the flag"
|
|
|
|
|
|
Oh my FREAKING God....
That makes me twitch. That's such a horrible security flub.
|
|
|
|
|
All you've got are table names (and for the movie table only) - you can't actually get access. It's dumb and stupid but not a humungous breach
cheers,
Chris Maunder
CodeProject.com : C++ MVP
|
|
|
|
|
As has already been pointed out... We now know that they use inline SQL, so the first input page you come too makes it ripe to do the injection attack with a 'drop tables' in it.
|
|
|
|
|
The real WTF is ADODB!
Pits fall into Chuck Norris.
|
|
|
|
|
Brady Kelly wrote: real WTF is ADODB
Yep.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
|
|
|
|
|
Daily WTF material right here... this is fantastic
|
|
|
|
|