86 Comments
- jaybol, on 04/22/2008, -2/+86 By the way, you can edit the URL to say anything that you want the shirt to say
- Kyan, on 04/22/2008, -2/+50 I like this shirt better:
http://edition.cnn.com/tshirt/?headline=CNN%20welc ...
- Spuy767, on 04/22/2008, -3/+38 There web developer is probably asking himself. . .
http://www.cnn.com/tshirt/?headline=What's%20a%20S ...
- dotlizard, on 04/22/2008, -4/+38 now that is a rather spectacular example of WTF coding. "let's just send the article title through as an URL string, what's the worst that could happen?"
- thotpoizn, on 04/22/2008, -1/+23 Somewhere right now there is an unread 4GB access_log crying alone in the darkness...
- Steven8890, on 04/22/2008, -1/+21 MSNBC is where it's at!
- cykyc, on 04/22/2008, -1/+8 The cart isn't ***** up; CNN uses a hash value in the URL to determine if the link is legitimate or not. So, if you know how they're creating the hash and what its input values are, you could get these shirts printed ;-)
- jeffchuck, on 04/22/2008, -1/+8 More like URL parameters.
- joel8x, on 04/22/2008, -0/+6 You had a typo, here. I fixed it for you: http://www.cnn.com/tshirt/?headline=Hillary%20is%2 ...
- reddoggie, on 04/22/2008, -2/+8 http://www.cnn.com/tshirt/?headline=The%20Most%20T ...
- modifiedbears, on 04/22/2008, -1/+6 I wish The Onion had this.
- seanieb, on 04/22/2008, -0/+5 "elitist" eh....think for yourself much?
- cykyc, on 04/22/2008, -0/+4 I'm also guessing if someone decoded the SWF file, she would be able to figure out the hashing method. The http://www.spreadshirt.com/Applications/Api/Cnn/cr ... application also checks the hash, so there's no really obvious way on how to bypass this. Here's its POST:
basketItemId=&session%5Fid=undefined&dateMS=1208858949000&article%5Fid=2948447
&story%5Furl=http%3A%2F%2Fwww%2Ecnn%2Ecom%2Fvideo%2F%23%2Fvideo%2Fus%2F2008%2F04%2F22%2Fhigh%2Espeed%2Ebaby%2Ewral
&hash=d735bf77db90c3d59368339bccb9ea39&quantity=1&size=3&color=2&date%5FrowsizeH=12%2E95
&date%5FrowsizeW=62%2E95&date%5Ftextrow=05%3A09%20am%2004%2E22%2E08&rowsizeH%5F2=29%2E95
&rowsizeW%5F2=179&textrow%5F2=baby%20at%2080%20mph&rowsizeH%5F1=29%2E95
&rowsizeW%5F1=256%2E65&textrow%5F1=Mom%20delivers%20her%20own
Yah for WebScarab
- m00dc0ntr0l, on 04/22/2008, -2/+6 No, they screwed up by asking the exact same questions that everyone had already asked a thousand times and had already gotten answers to. Moreover, since the extreme right wing isn't going to vote for him anyway, why should they care what he's asked -- they've already decided.
- Spuy767, on 04/22/2008, -0/+4 Lrn 2 read. See my comment, posted a scant 90 minutes prior to yours.
- lamiaconfitor, on 04/22/2008, -4/+7 http://www.cnn.com/tshirt/?headline=Blitzer%20is%2 ...
- vitas33, on 04/22/2008, -2/+5 ABC ***** up everything these days.
- Spuy767, on 04/22/2008, -1/+4 Which are the same kind of things that SQL injections are based on. You have no idea how many times I've seen people use URL parameters to pass SQL strings, or at least portions of SQL strings. BTW, I know it's "Male" and "Their." I typed that about thirty seconds after I rolled out of bed.
- apophenic, on 04/22/2008, -3/+6 Dugg for horrible site design.
- brufleth, on 04/22/2008, -0/+3 Not any, just all of them.
- midejitsu, on 04/22/2008, -1/+3 No *****, Sherlock. The shopping cart is working just fine if you want to get one of the shirts CNN actually offers. They are quite dull, but I really don't think this is a catastrophic failure as far as the shop design goes.
- MacSuxWindozSux, on 04/22/2008, -2/+4 How can the question bring light to anything. It's the answers that are supposed to provide the information.
- Krystar, on 04/22/2008, -0/+2 You just got F'd in the A.
- inactive, on 04/22/2008, -0/+2 That's what she said.
/sorry, I couldn't resist :P
- inactive, on 04/22/2008, -0/+1 http://www.cnn.com/tshirt/?headline=FOX%20News%20i ...
- Spuy767, on 04/22/2008, -0/+1 The hash is validating. If the hash is incorrect, it won't let the order pass through. Well, as far as I can tell. It seems to me just to be a poorly designed page. Using flash in that way isn't the best idea. There are better ways of passing data to flash.
- Hangly, on 04/22/2008, -3/+4 the joke
======
your head
- ZenMojo, on 04/22/2008, -0/+1 I'll respond to you because of Digg's lack of tolerance for ignorance and my general good nature. Obama suggested these debates to be gracious, Hillary turned down the one before North Carolina.
- nvisn, on 04/22/2008, -1/+2 http://www.cnn.com/tshirt/?headline=CNN%20=%20Clin ...
- lamiaconfitor, on 04/22/2008, -0/+1 Good guess. oh wait, no it wasn't.
- Krystar, on 04/22/2008, -0/+1 Damnit you beat me to it. mine was:
http://www.cnn.com/tshirt/?headline=Hillary%20Clin ...
- ZenMojo, on 04/22/2008, -1/+2 http://www.cnn.com/tshirt/?headline=*****%20Democra ...
- directrix13, on 04/22/2008, -0/+1 @Spuy767:
Well, almost all server side scripting languages rely either on URL params or posted data. So to say that it is "the same kind of things that SQL injections are based on" is pretty misleading. But any kind of non-escaped / validated input to a non-parameterized SQL query is susceptible to SQL injection. This is definitely more of a case of just plain old bad design. The real question is, why isn't that hash validating anything?
- slapded, on 04/22/2008, -1/+2 boy you're a quick one
- Spuy767, on 04/22/2008, -0/+1 A better idea would have been to use some sort of array and reference the headline by number. This way, if you get an Array Out of Bounds exception, you can display an Error page, and people can't go in and make funnies with your site.
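The two fixes the thread keeps circling back to, a hash that actually validates the order (cykyc, directrix13) and a headline looked up by id instead of read from the URL (Spuy767 above), as an added Python example that is not CNN's or Spreadshirt's code. The HMAC-SHA256 construction, the secret key, the article-id table and the parameter names are assumptions; the real hashing method was never established in the thread.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Assumption: a server-side secret loaded from configuration. It must never be
# shipped inside a client such as a SWF, or anyone can recompute the hash.
SECRET_KEY = b"example-secret-do-not-use"

# Constructed allow-list: the only headlines the shop will print, keyed by
# article id (the id and headline text are the ones visible in the POST above).
# Free text arriving in the URL is never rendered.
HEADLINES = {
    "2948447": "Mom delivers her own baby at 80 mph",
    "3000001": "Second constructed headline",
}


def sign_params(article_id, story_url):
    """HMAC-SHA256 over the fields that identify the shirt (server side only)."""
    msg = f"{article_id}|{story_url}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def signed_query(article_id, story_url, **extra):
    """Build the query string the server itself would emit for a shirt link."""
    params = {"article_id": article_id, "story_url": story_url, **extra}
    params["hash"] = sign_params(article_id, story_url)
    return urlencode(params)


def validate_order(query_string):
    """Return the headline to print, or None if the request is rejected.

    Rejected: unknown article id, or a missing/mismatched hash. A ``headline``
    parameter in the query is ignored entirely, so editing it changes nothing.
    """
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    article_id = params.get("article_id", "")
    story_url = params.get("story_url", "")
    supplied = params.get("hash", "")
    if article_id not in HEADLINES:
        return None
    expected = sign_params(article_id, story_url)
    # Constant-time comparison; both sides encoded so odd input cannot raise.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return None
    return HEADLINES[article_id]
```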
- enderwiggin13, on 04/22/2008, -0/+1 It's not real...have you read any of the other posts? CNN has a handful of stock tshirts that have images generated via text in the URL. Replace any text you want in the URL and it will make an image of that shirt...not that you can buy any of these custom shirts as they don't actually exist.
- inactive, on 04/22/2008, -1/+2 ABC is in the digg doghouse, Fox is back!
- cathpah, on 04/22/2008, -0/+1 yes indeedy.
- Anntink, on 04/25/2008, -0/+1 I didn't like the debate either, but managed to get that point across many times without using the "F" word. Please use a little more intelligence when posting - I have children who read this page and I sure don't want them talking in gutter language.
- Mansellisme, on 04/22/2008, -0/+0 Someone's had a happy childhood.
- PrismoFillusion, on 04/22/2008, -0/+0 They were better, don't get me wrong.
But they weren't anything to brag about.
Some of us were sick of hearing the same few questions asked at every debate after the first few rounds.
Anyway, hopefully PA shapes up! My state already voted for the right person for the job (Maryland).
- ralph12c41, on 04/22/2008, -1/+1 trust me at the end of the day liberals won't want to vote for him either.......
- lamiaconfitor, on 04/22/2008, -1/+1 I believe every thing people say to me. oh wait... That's not me...
- Patrikimo, on 04/22/2008, -3/+3 Poor guy.... You meant to crack a funny and now everyone is making fun of you. Well, calling it a SQL Injection attack is funnier sounding I'll give you that much, but like everyone said it's just a case of un-validated input. Of course it might still be validated against that hash when you buy the shirt, so all this might not really be much of an "attack" at all.
- Ki77erB, on 04/28/2008, -0/+0 They fixed it. Editing the URL doesn't work anymore. Damnit!
- stormiscoming, on 04/23/2008, -0/+0 I figured it was CNN ***** at first sight. LOL
- nudnik72, on 04/30/2008, -0/+0 Just because you can't edit the URL yourself doesn't mean CNN won't post any more bone-headed headline-shirt combinations...
http://i25.tinypic.com/rroxuo.jpg