Difference between revisions of "Robert'); DROP TABLE Students;--"

Explain xkcd: It's 'cause you're dumb.
(884)
(removing explain template, cleaning up grammar a little)
Line 6: Line 6:
 
}}
 
}}
  
<code>Robert'); DROP TABLE students;--</code> also known as Little Bobby Tables is the youngest son of elite hacker [[Mrs. Roberts]]. His older sister is [[Elaine Roberts]]. His "full" name is known to cause problems with some computers. When he was first enrolled in school ({{explain|327: Exploits of a Mom}}) it exploited a vulnerability in the parsing of student's names into the school's student database resulting in the school losing all the student records for the year.
+
<code>Robert'); DROP TABLE students;--</code> also known as Little Bobby Tables is the youngest son of elite hacker [[Mrs. Roberts]]. His older sister is [[Elaine Roberts]]. His "full" name is known to cause problems with some computers. When he was first enrolled in school ([[327: Exploits of a Mom]]) it exploited a vulnerability in the parsing of student's names into the school's student database resulting in the school losing all the student records for the year.
  
 
In {{w|SQL}}, commands are separated by semicolons ";" and data is often quoted using single quotes -'-.  Commands may also be enclosed in parentheses '(' and ')'.  Data is stored in tables of similar items (e.g. "students") and individual entries are "rows" in the table.  To delete an entire table (and every row of data in that table), you use the command "DROP" (e.g. "DROP TABLE students").
 
In {{w|SQL}}, commands are separated by semicolons ";" and data is often quoted using single quotes -'-.  Commands may also be enclosed in parentheses '(' and ')'.  Data is stored in tables of similar items (e.g. "students") and individual entries are "rows" in the table.  To delete an entire table (and every row of data in that table), you use the command "DROP" (e.g. "DROP TABLE students").
  
The exploited vulnerability is that the single quote in the name input was not properly "escaped" by the software.  Thus, when the name is embedded into some SQL statement, the quote is erroneously parsed as a closing quote inside some SQL statement, instead of being parsed as part of the name.  Lack of such escaping is a common SQL vulnerability; its exploit is referred to as {{w|SQL injection}}.
+
The exploited vulnerability is that the single quote in the name input was not properly "escaped" by the software.  Thus, when the name is embedded into some SQL statement, the quote is erroneously parsed as a closing quote inside some SQL statement, instead of being parsed as part of the name.  Lack of such escaping is a common SQL vulnerability; this type of exploit is referred to as {{w|SQL injection}}.
  
A similarly named character appears in {{explain|884: Rogers St.}}, with the same code injection in his middle name.
+
A similarly named character appears in [[884: Rogers St.]], with the same code injection in his middle name.
  
 
{{navbox-characters}}
 
{{navbox-characters}}
 
[[Category:Characters]]
 
[[Category:Characters]]
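
Review bot: The first changed paragraph still reads "the parsing of student's names", which puts the apostrophe in the wrong place for a plural possessive; since the edit summary says this revision cleans up grammar, change it to "students' names" and set off "also known as Little Bobby Tables" with commas. The page title spells the table "Students" while the paragraph has "students", so pick one casing.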

Revision as of 22:32, 21 September 2012

Robert'); DROP TABLE Students;--
First appearance 327: Exploits of a Mom

Robert'); DROP TABLE students;--, also known as Little Bobby Tables, is the youngest son of elite hacker Mrs. Roberts. His older sister is Elaine Roberts. His "full" name is known to cause problems with some computers. When he was first enrolled in school (327: Exploits of a Mom), it exploited a vulnerability in the parsing of students' names into the school's student database, resulting in the school losing all the student records for the year.

In SQL, commands are separated by semicolons (;) and data is often quoted using single quotes ('). Commands may also be enclosed in parentheses, "(" and ")". Data is stored in tables of similar items (e.g. "students"), and individual entries are "rows" in the table. To delete an entire table (and every row of data in that table), you use the command "DROP" (e.g. "DROP TABLE students").

The exploited vulnerability is that the single quote in the name input was not properly "escaped" by the software. Thus, when the name is embedded into an SQL statement, the quote is erroneously parsed as the closing quote of a string in that statement instead of as part of the name. Lack of such escaping is a common SQL vulnerability; this type of exploit is referred to as SQL injection.
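
The parsing mistake described above, as an added example that is not part of the original wiki page: it uses Python's sqlite3 module with an in-memory database, and the schema, the INSERT statement and the function names are assumptions made for illustration. The corrected form uses a bound parameter rather than the manual escaping the page mentions, so the name is never parsed as SQL at all.

```python
import sqlite3

# The name is taken from the page; the schema and helpers below are assumed.
BOBBY = "Robert'); DROP TABLE students;--"

def new_db():
    """In-memory database holding one existing record (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    db.execute("INSERT INTO students (name) VALUES ('Elaine')")
    return db

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='students'"
    ).fetchone()
    return row[0] == 1

def enroll_vulnerable(db, name):
    """Pastes the name into the SQL text, so its quote ends the string literal."""
    sql = "INSERT INTO students (name) VALUES ('" + name + "');"
    # executescript() runs every ';'-separated command, standing in for a
    # database driver that accepts several statements in one call.
    db.executescript(sql)
    return sql

def enroll_parameterized(db, name):
    """Sends the name as a bound value, separate from the statement text."""
    db.execute("INSERT INTO students (name) VALUES (?)", (name,))

def names(db):
    return [r[0] for r in db.execute("SELECT name FROM students ORDER BY rowid")]

if __name__ == "__main__":
    bad = new_db()
    print(enroll_vulnerable(bad, BOBBY))
    print("table survives string concatenation:", table_exists(bad))
    good = new_db()
    enroll_parameterized(good, BOBBY)
    print("table survives bound parameter:", table_exists(good), names(good))
```

Printing the statement built by `enroll_vulnerable` shows the three pieces the database sees: the INSERT closed early by the name's own quote and parenthesis, the DROP TABLE command, and a trailing `--` comment that hides the leftover `');`.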

A similarly named character appears in 884: Rogers St., with the same code injection in his middle name.