I'm guessing they did something like a foreach($_POST as $whatever) and just processed everything. If they had sanitised their data to process only valid entries in valid fields, the Firebug trick would have done nothing except perhaps give an error about invalid input.This is an easy mistake to make... For an amateur f**king around on a personal website. For an ISP it's downright embarrassing that their *customer records* don't even have a modicum of security. What if someone used the same trick for a SQL injection; anyone have confidence their code would block it? Maybe. Maybe not.If I were Mr. Mezzier, I'd switch ISPs rather quickly if I valued my personal data.
iiNet are hopeless.If you get a bad connection you might as well change ISP's. When it comes to internal communication these guys fill out forms and log it into a pc which no one will look at.
theshad0wMay 12, 2009
I agree I would have tried to change it through the form first :P
solistusMay 12, 2009
I'm guessing they did something like a foreach($_POST as $whatever) and just processed everything. If they had sanitised their data to process only valid entries in valid fields, the Firebug trick would have done nothing except perhaps give an error about invalid input.This is an easy mistake to make... For an amateur f**king around on a personal website. For an ISP it's downright embarrassing that their *customer records* don't even have a modicum of security. What if someone used the same trick for a SQL injection; anyone have confidence their code would block it? Maybe. Maybe not.If I were Mr. Mezzier, I'd switch ISPs rather quickly if I valued my personal data.
crazyspaniardMay 12, 2009
sweetI stole the comment to see who would catch it =D
erictheodoreMay 12, 2009
thats a shame
rk23xMay 13, 2009
Riiiiiiight.
Closed AccountMay 13, 2009
iiNet are hopeless.If you get a bad connection you might as well change ISP's. When it comes to internal communication these guys fill out forms and log it into a pc which no one will look at.
okcomputer01May 17, 2009
Where's your geekness? Install Firefox Portable as well :)