Skip to main content

Okay, I'll bite.

What's with all the ../ memes for the past few weeks or so? I get that not sanitizing input for this is a serious security vulnerability, but it's such an elementary exploit that I don't understand why it suddenly seems to be all the rage. What's next? SQL injections? Buffer overflows?

I assume some big company made this mistake recently and I just wasn't paying attention?

in reply to Jonathan Lamothe

Judy Anderson
Judy Anderson
People just do it all the time. It's expedient for the developer. In fact, at my company, I just told somebody "don't to do that" who was proposing to do something with multiple "../"s in a path. So it's like the simplest mistake to make and that's why it's the biggest exploit in the meme. I didn't have an image handy so I had to describe the meme to the person I was telling to stop.
in reply to Judy Anderson

Jonathan Lamothe
Jonathan Lamothe

@Judy Anderson I suppose. I guess I just don't understand the sudden meme-ification.

You know, sometimmes I question my competency as a programmer, and then I see mistakes like this being made and I just shake my head.

@Judy Anderson
in reply to silverwizard

Jonathan Lamothe
Jonathan Lamothe
@silverwizard That's... terrifying. Were they all in the same product, or is it a widespread thing?
@silverwizard
in reply to Jonathan Lamothe

silverwizard
silverwizard
@Jonathan Lamothe widespread. I'm being hyperbolic with 20, but people in infosec are starting to question if firewalls are even a viable product these days due to vendor malfeasance.
@Jonathan Lamothe