SQL injection?
Why is this still possible?
In a world where prepared statements and string sanitisation exist, this seems to highlight either a woeful lack of programming knowledge or a reluctance to update legacy systems.
Either way...it's crazy.
A man from the Australian state of Victoria has been charged after stealing, using, and publishing credit cards of political party members using basic tricks he learned from YouTube. Aaron Warren Camm, 20, of Kangaroo Flat, learnt how to use the skiddie tool Havij to launch SQL injection attacks and applied the lessons in …
Sigh.
Political parties in this country, for all the massive donations they receive, are loath to spend money on real stuff. You can judge this by the quality of the photos used on election posters (which are cable-tied to every vertical object right now) - clearly taken by friends, family or, if by a professional, one who's just found out the sitter expects not to pay for it as a contribution to the cause. I've experienced it first-hand from our state conservative party (self-styled as the party of small business, to add surrealism to the experience) and can well imagine the feelings of a small developer who thought he'd landed a lucrative job for an influential client.