SQL Injection at Reddit



Reddit takes SQL injection very seriously.

How seriously?

Check their headers:

scabral-07890:~ scabral$ curl --head www.reddit.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: reddit_first=%7B%22organic_pos%22%3A%201%2C%20%22firsttime%22%3A%20%22first%22%7D; Domain=reddit.com; expires=Thu, 31 Dec 2037 23:59:59 GMT; Path=/
Server: '; DROP TABLE servertypes; --
Date: Sat, 12 May 2012 13:54:20 GMT
Connection: keep-alive

scabral-07890:~ scabral$

A colleague at PICC showed me this!

One response

  1. Mike Ratcliffe wrote:

    This reminds me of little Bobby Tables:

    Slashdot used to have Futurama quotes in their headers but I think they have removed them ;o)