Our anonymous submitter was looking for a Microsoft partner to manage his firm's MSDN subscriptions; the pile of licenses and seats and allowed uses was complex enough to want specialists. In hopes of quickly zeroing in on a known and reputable firm, he tracked down the website of a tech consultancy that'd been used by one of his previous employers.
When he browsed to their Contact Us page, filled out the contact form, and clicked Submit, the webpage simply refreshed with no signs of actually doing anything. After staring at the screen for a moment, wondering what had gone wrong, Subby noticed the single quotes used within his message were now escaped. Clicking Submit a few more times kept adding escape characters, with no submission ever occurring. So he amended his message to remove every it's, we're, and other such contraction.
Without single quotes, the next submission was successful. It's impossible to say what was going on behind the scenes, but the symptoms pointed at form code that was hand-escaping apostrophes for a SQL query built through string concatenation, the classic precursor to a SQL injection vulnerability. The escaped value was evidently being written back into the form field and escaped again on every click, which is why the escape characters kept piling up; and yet, escaped or not, the submission still failed whenever the message contained a quote at all.
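The pattern the story hints at, as an added example that is not the consultancy's code (the table name, the PHP addslashes-style escaping routine and the swallowed database error are assumptions): apostrophes escaped by hand and concatenated into SQL, the escaped value echoed back into the form and escaped again on each resubmission, and the parameterized insert that makes apostrophes a non-issue. Going beyond the story, it also shows why the escaping was there at all: the same concatenation with no escaping lets a crafted message add rows of its own.

```python
import sqlite3

# Added example: a hypothetical reconstruction of a contact form that escapes
# apostrophes by hand, concatenates the result into SQL, and echoes the escaped
# value back into the form. Table name, escaping routine and error handling
# are assumptions; none of this is the consultancy's actual code.


def addslashes(text: str) -> str:
    """PHP addslashes-style escaping: a backslash before \\, ' and \"."""
    return text.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def rerender_after_failed_submits(field: str, submits: int) -> str:
    """Each failed round trip escapes the already-escaped value again, which
    is how escape characters pile up in the field after repeated clicks."""
    for _ in range(submits):
        field = addslashes(field)
    return field


def insert_by_concatenation(conn: sqlite3.Connection, message: str) -> bool:
    """Risky pattern: hand escaping plus string concatenation.

    Backslash escaping is a MySQL dialect feature. Standard SQL, and SQLite
    here, treats the backslash as an ordinary character, so the apostrophe
    still terminates the literal and the statement is rejected. A form that
    swallows the exception just reloads the page and does nothing visible."""
    sql = "INSERT INTO contact(message) VALUES ('" + addslashes(message) + "')"
    try:
        conn.execute(sql)
        return True
    except sqlite3.OperationalError:
        return False


def insert_unescaped(conn: sqlite3.Connection, message: str) -> int:
    """Same concatenation with no escaping: the injection the escaping was
    meant to prevent. Returns how many rows the single statement added."""
    before = conn.execute("SELECT count(*) FROM contact").fetchone()[0]
    conn.execute("INSERT INTO contact(message) VALUES ('" + message + "')")
    after = conn.execute("SELECT count(*) FROM contact").fetchone()[0]
    return after - before


def insert_parameterized(conn: sqlite3.Connection, message: str) -> str:
    """The fix: bind the value and let the driver handle quoting. Apostrophes
    and backslashes are stored verbatim, with no escaping in the application."""
    cur = conn.execute("INSERT INTO contact(message) VALUES (?)", (message,))
    return conn.execute(
        "SELECT message FROM contact WHERE rowid = ?", (cur.lastrowid,)
    ).fetchone()[0]


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contact(message TEXT)")
    msg = "It's about MSDN seats and we're interested."  # constructed input
    return {
        "concat_with_quotes": insert_by_concatenation(conn, msg),
        "concat_without_quotes": insert_by_concatenation(conn, "No contractions here"),
        "rows_from_injection": insert_unescaped(conn, "hello'), ('injected"),
        "parameterized": insert_parameterized(conn, msg),
        "rerendered_twice": rerender_after_failed_submits(msg, 2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The concatenated insert succeeds only for the message with no contractions, which is exactly the workaround Subby landed on; the parameterized insert stores the original message unchanged. The dialect point matters in practice: escaping rules that are right for one database engine are wrong for another, whereas a bound parameter never becomes part of the SQL text at all.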
A stellar first impression, to be sure. In fairness, this firm hadn't designed their own website. The name of the designer they'd contracted with, displayed in the webpage footer, looked more embarrassing than proud in light of his trouble.
An email address was listed beside the contact form. Subby sent a separate email alerting them of the bug he'd found. Hopefully, someone would acknowledge and channel it to the proper support contact.
A week passed. Subby never received a response or any confirmation that any of his messages had been received. Had that mailbox been abandoned after most, if not all, attempted contacts had mysteriously failed?
"I guess no SQL injection if it's never submitted!" Subby joked to himself.
He moved on to other prospects.
