Earlier today, one of my print jobs wouldn’t cancel. I tried canceling all jobs, I tried to delete it from the queue. It just wouldn’t budge. I tried to look for some help and found it laden with XOX’s. Sweeet.
A couple of days ago, an officemate initiated a Jabber chat with me. He told me that he found a problem on our online time sheet while he was tinkering with the Firebug plugin. Turns out there’s a hidden field for the login time that one can tamper with, and again no server-side validation for it. Using Firebug, one can update the value for the hidden field, and then use the form to submit. The problem’s been escalated. I wonder if they’ll fix it though… or simply dismiss it on account of “the users won’t do that.” 😛
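One way to add the missing server-side check for the hidden login-time field, shown as an added example that is not part of the original post or the time sheet's own code: the server signs the value it puts in the form and rejects any submission whose signature does not verify. The function names, the key handling and the sample timestamps are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a secret that never leaves the server (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)


def _tag(user: str, login_time: str) -> str:
    """HMAC-SHA256 over the user and the server-issued login time."""
    # Length-prefix the user so the (user, time) pair encodes unambiguously.
    msg = f"{len(user)}:{user}|{login_time}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_login_field(user: str, login_time: str) -> str:
    """Value the server writes into the hidden field when rendering the form."""
    return f"{login_time}.{_tag(user, login_time)}"


def verify_login_field(user: str, field: str) -> Optional[str]:
    """Return the login time if the submitted field is untampered, else None."""
    login_time, sep, tag = field.rpartition(".")
    if not sep:
        return None  # no signature at all: a bare, client-chosen value
    expected = _tag(user, login_time)
    # Constant-time comparison on bytes, so odd client input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return login_time


if __name__ == "__main__":
    # Constructed sample: the server issues the field, the client edits the time.
    field = issue_login_field("alice", "2008-03-04T09:47:00")
    edited = "2008-03-04T08:00:00." + field.rpartition(".")[2]
    print("untouched:", verify_login_field("alice", field))
    print("edited:   ", verify_login_field("alice", edited))
```

Keeping the login time in server-side session state and never accepting it from the form removes the need for a signature altogether.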
I came across an interesting bug the other day as I was trying to think of a good example of URL hacking. I entered the URL to our company’s online time sheet (OTS) — http://192.168.4.135:8080/ots/Index.jsp — onto my favorite browser and then backspaced a bit. I hit enter when the browser was pointed to http://192.168.4.135:8080/ots/ and ta-dah… a directory listing.
Most interesting was that upon checking the contents of the folders, I came across a file with a .conf extension. That made me do a double-take. True enough, when I opened the file, it contained the DB server, username and password to our OTS. There was also a very helpful readme.txt file which cited the .conf file and the supposedly confidential information. This has been fixed though — that is, at least the access to the conf and readme files. The directory listing can still be viewed. 😛
(Alt title: So much for tourism)
I’ve been meaning to take a picture of my colleague’s magnet for some time. Never really gotten around to it until this morning.
At first glance, you won’t really notice it since it’s pretty much a very typical-looking souvenir magnet. And then you do a double-take when you notice the text… Singapare?!
This was from an old issue of the Sunday Inquirer Magazine. The photo was captioned “Agents are trained well…”