bookmark

Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data - The Daily WTF


Description

The absurdly long URL contained the database query used to display the page's data. The SELECT also included a few non-displayed columns such as "social_security_number" and "date_of_birth", and even had several conditionals to make sure that only Active records were returned. It doesn't take too much SQL knowledge to display "social_security_number" instead of "doc_number", remove the conditionals, and create a URL like this...


Users

  • @brightbyte
