titaniumbunker.com

Evil geniuses and world domination are 2 of our goals... we also like Dr Who

Erm – something’s wrong here @smiffysuk


So searching for “Plumber Costume” revealed this. All that “Select” stuff is SQL – the query language used to look things up in databases. This isn’t great, because I can deduce some of the storage architecture – but it doesn’t seem to be pasting the term “Plumber Costume” into the SQL that’s executed. If it did include that, there would be the possibility that this site is vulnerable to something called a SQL injection attack. It’s a bit worrying that the content passed in the search bar is printed back – which may be a different vulnerability…

Not sure I should be seeing all that juicy SQL Smiffy…

I broke YouTube


Whoops – looks like I broke YouTube… somehow.

Instagram needs a Checkpoint.


Launching Instagram and authenticating using Facebook I get this message.

Instagram wants a Checkpoint… Just wish I knew how to provide one.

So Instagram, how am I going to see Nathan Fillion’s photos now!!

Lloyds Bank error in the wild


A subtle error in the wild

I popped onto the Lloyds Bank site to download a form relating to a future change of address, and I spotted this issue… Can you see it? I reckon some people are probably having a bit of a knowing chuckle, while the rest are probably scratching their heads and wondering what all the fuss is about.

I’ve highlighted the error in yellow – and here’s a close up

Please wait… If this message is not eventually replaced by the proper contents of the document, your PDF viewer may not… what? Be working?

Ok – so what’s going on here?

Lloyds would seem to have a library of PDF documents. These seem to be in two different versions of the PDF standard. The first line of a PDF document contains the version number – which suggests that this one is version 1.7.

Failing PDF

Whereas a working document from the site seems to be in version 1.4

Extract from a working document – PDF 1.4

Loading a version 1.7 document into Chrome gives us this:

Which looks surprisingly similar to the content extract Lloyds presented on their search screen. So it seems that the PDF file content is indexed using a PDF viewer, and rather than indexing the real content of these documents, it has used this incompatibility message as the description of the PDF content. We can further confirm this by searching for words from this message that are unlikely to appear in typical banking documents – searching for the term “Linux” gives 12 results, all of which feature the first part of the Linux sentence.

Searching for “Please Wait” gives 126 documents that are equally badly indexed – some don’t even have a document title.

Ok – hands up who knows what document 1721 is all about? Any ideas?

As to why some have titles and some don’t, I would have to guess that documents are uploaded through some form of content management system, and that these documents may originally have been in an older version of PDF (say 1.4). These documents have since been updated – possibly with new interactive form-filling features – and been re-indexed. The indexing system uses a PDF viewer which doesn’t support version 1.7, and therefore indexes the incompatibility message as if it were document content (after all, the viewer wouldn’t know whether it is showing content or a message).

Other documents may have been created in a newer version of PDF, and the title attributes may not have been accessible when the document was indexed.
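The indexing failure described above is easy to catch before it reaches the search index, because the two symptoms are both mechanical: the file’s `%PDF-M.N` header says which version the viewer must support, and a viewer’s “Please wait…” notice is a fixed string rather than document text. The following is an added example (Python), not part of the original post and not Lloyds’ own code; it assumes a hypothetical indexing pipeline that hands us, per document, the raw file bytes, the text its viewer component extracted, and the title it found. The sample documents are constructed, and the indexer’s maximum supported version (1.4) is an assumption taken from the post’s working/failing split.

```python
"""Sanity-check text extracted from PDFs before it reaches a search index.

Added example, not part of the original post and not Lloyds' own code. It
assumes a hypothetical indexing pipeline that hands us, per document, the raw
file bytes, the text its viewer component extracted, and the title it found.
The sample documents below are constructed for the demonstration.
"""
import re
from typing import List, Optional, Tuple

# Every PDF begins with a header line "%PDF-M.N" giving the version a viewer
# must support to render it (the post shows 1.7 for failing files, 1.4 for good ones).
HEADER_RE = re.compile(rb"^%PDF-(\d)\.(\d)")

# Highest version the (hypothetical) indexer's viewer component handles. Assumed.
INDEXER_MAX_VERSION = (1, 4)

# The notice a viewer shows in place of content it cannot render, as quoted in
# the post. If the extractor returns this, nothing was really indexed.
PLACEHOLDER_PREFIX = "please wait"
PLACEHOLDER_PHRASE = "not eventually replaced by the proper contents"


def pdf_version(pdf_bytes: bytes) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from the %PDF header, or None if there is no header."""
    m = HEADER_RE.match(pdf_bytes)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


def looks_like_placeholder(text: str) -> bool:
    """True when the extracted text is a viewer's 'cannot display' notice, not content."""
    normalised = " ".join(text.lower().split())  # fold case and whitespace
    return normalised.startswith(PLACEHOLDER_PREFIX) and PLACEHOLDER_PHRASE in normalised


def check_document(pdf_bytes: bytes, extracted_text: str, title: Optional[str]) -> List[str]:
    """Return the reasons this document should not be indexed as-is (empty if fine)."""
    problems = []
    version = pdf_version(pdf_bytes)
    if version is None:
        problems.append("no %PDF header: not a PDF file")
    elif version > INDEXER_MAX_VERSION:
        problems.append(
            f"PDF {version[0]}.{version[1]} is newer than the indexer's viewer "
            f"supports ({INDEXER_MAX_VERSION[0]}.{INDEXER_MAX_VERSION[1]})"
        )
    if looks_like_placeholder(extracted_text):
        problems.append("extracted text is a viewer placeholder, not document content")
    if not title or not title.strip():
        problems.append("missing title: the document would be listed by id only")
    return problems


# Constructed corpus: (document id, leading file bytes, extracted text, title).
SAMPLE_DOCS = [
    ("doc-0001", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
     "Change of address form. Please complete all sections in block capitals.",
     "Change of address"),
    ("doc-0002", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
     "Please wait... If this message is not eventually replaced by the proper "
     "contents of the document, your PDF viewer may not",
     "Direct debit mandate"),
    ("doc-0003", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
     "Please wait... If this message is not eventually replaced by the proper "
     "contents of the document, your PDF viewer may not",
     None),
]


def audit(docs) -> dict:
    """Map each document id to its list of indexing problems."""
    return {doc_id: check_document(data, text, title) for doc_id, data, text, title in docs}


if __name__ == "__main__":
    for doc_id, problems in audit(SAMPLE_DOCS).items():
        print(f"{doc_id}: {'ok' if not problems else '; '.join(problems)}")
```

Run against the constructed corpus, the 1.4 form passes, the 1.7 form with a title is flagged twice (version, placeholder text), and the untitled 1.7 form three times; a pipeline that refuses to publish any document with a non-empty problem list would never have produced 126 “Please wait” hits or a nameless “document 1721”.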

Update – I’ve tweeted this bug information to Lloyds.

Null null available for my tumble dryer from @espares


Espares has a Null null for my tumble dryer… It may be Null, but it costs 6.75.

And here’s the details for this Null.

@tesco cashpoint error in the wild


An error on a Tesco cashpoint – Warndon

The file c:\VLOGDIR\ATMFIX.LOG could not be opened. The process cannot access the file because it is being used by another process.

Who needs to log stuff anyway…I wonder what that other process is?

These aren’t the chairs you’re looking for @StaplesUK


I know it’s sad times for Staples UK – I spent many a happy time in Staples, refreshing my manila folders for my family research – but I can’t help feeling it’s a little early for it all to start to fall apart.

My office chair – actually bought from Staples only a few years ago – is starting to look its age, and I thought about replacing it – so I clicked on the “See all Deals” button under “Big Chair Event” and was presented with a list of manager and executive chairs.

Now I’m not really a manager type – I like to get my hands dirty (in as much as I don’t like to get my hands dirty – that’s why I work with code), so I was thinking about a mesh chair. So I clicked on Mesh Seating:


No mesh seating here…

Also missing are Draughtsman Chairs. Interestingly, I can find a mesh seating section – http://www.staples.co.uk/mesh-seating/cbk/670.html

So what’s happening?

Well – comparing the draughtsman, mesh seating and ergonomic chairs links against the working links, it seems that the culprit is cm_sp.

For example – here is the failing Mesh Seating link:
http://www.staples.co.uk/mesh-seating/cbk/670.html&cm_sp=W16_11_017_02UK-_-Na-_-Na?web_track_id=135829767&position_id=2&promo_code=989989999&lcb=10

And a slightly modified (and now working) mesh seating link:

http://www.staples.co.uk/mesh-seating/cbk/670.html?cm_sp=W16_11_017_02UK-_-u_ad_4_href&web_track_id=135829704&position_id=2&promo_code=989989999&lcb=10

The highlighted Na-_-Na looks suspiciously like Not Applicable, or potentially “NaN” truncated to fit.

Searching on fighting knives throws an error:


fighting knives – search error when searching

Thanks to Stuart Baldwin for pointing this one out: searching for anything on fightingknives.info breaks the site, returning the message:

A potentially dangerous Request.Path value was detected from the client (&).

Looking at the favicon it appears to be a DotNetNuke site – wow… that’s old – so old that I think this was originally running on the .NET 2 framework.

Anyway – the reason for this is the search URL that the site navigates to when searching:

http://www.fightingknives.info/fighitngknivesinfo/search-results&Search=test

From the stack trace it seems that this site is running under .NET Framework v4, and there were changes made to the v4 framework that extended request validation from only .aspx requests to all requests.

To ‘fix’ this, the site owner can add:

<httpRuntime requestValidationMode="2.0" />

to their web.config file, to prevent this from happening – or alter their application pool to use an older .NET framework (should be fine in version 2, may be fine in versions 3 and 3.5). I say ‘fix’ because really they should perhaps be looking to update to a newer version, or re-writing their search facility to not pass potentially dangerous characters into their own requests.
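Both broken links quoted on this page share one mechanical defect, and it is worth seeing it in code rather than by eye: the failing Staples “Mesh Seating” link puts `&cm_sp=…` straight after `670.html` with no `?` before it, and the fightingknives.info search link puts `&Search=test` straight after `search-results`. In each case the first parameter therefore becomes part of the URL path rather than the query string, which is exactly where .NET 4’s request path validation looks for characters like `&`. The following is an added example (Python), not code from the original post or from either site; it diagnoses the two links, repairs the glued-on query string, and shows the “re-write the search facility” option from the paragraph above: build the link with `?` and percent-encoded parameters. The invalid-character list is what I understand the .NET 4 default `requestPathInvalidCharacters` to be and is an assumption here.

```python
"""Diagnose and repair links whose parameters were glued on with '&' instead of '?'.

Added example, not code from the original post nor from either site. Both
links quoted in the post (the failing Staples 'Mesh Seating' link and the
fightingknives.info search link) put their first parameter after '&' with no
'?' before it, so that parameter text becomes part of the URL *path*. On a
.NET 4 site the path is what request path validation inspects.
"""
from urllib.parse import parse_qsl, unquote, urlencode, urlsplit, urlunsplit

# Characters rejected in Request.Path by default (assumed .NET 4 list).
PATH_INVALID_CHARS = set('<>*%&:\\?')

# Links quoted in the post.
FAILING_STAPLES = ("http://www.staples.co.uk/mesh-seating/cbk/670.html&cm_sp=W16_11_017_02UK-_-Na-_-Na"
                   "?web_track_id=135829767&position_id=2&promo_code=989989999&lcb=10")
WORKING_STAPLES = ("http://www.staples.co.uk/mesh-seating/cbk/670.html?cm_sp=W16_11_017_02UK-_-u_ad_4_href"
                   "&web_track_id=135829704&position_id=2&promo_code=989989999&lcb=10")
FAILING_KNIVES = "http://www.fightingknives.info/fighitngknivesinfo/search-results&Search=test"


def diagnose(url: str) -> dict:
    """Split a URL the way a server does and report what landed in the path."""
    parts = urlsplit(url)
    path = unquote(parts.path)  # validation is applied to the decoded path
    return {
        "path": parts.path,
        "query": dict(parse_qsl(parts.query, keep_blank_values=True)),
        "path_invalid_chars": sorted(set(path) & PATH_INVALID_CHARS),
        # '&' and '=' inside the path is the signature of a glued-on query string.
        "glued_query": "&" in path and "=" in path,
    }


def repair_glued_url(url: str) -> str:
    """Move parameters that were glued onto the path with '&' into the query string."""
    parts = urlsplit(url)
    if "&" not in parts.path:
        return url
    path, _, glued = parts.path.partition("&")
    query = glued if not parts.query else glued + "&" + parts.query
    return urlunsplit((parts.scheme, parts.netloc, path, query, parts.fragment))


def build_search_url(base: str, **params: str) -> str:
    """Build a search link properly: '?' followed by percent-encoded key=value pairs."""
    return base + "?" + urlencode(params)


if __name__ == "__main__":
    for name, url in (("staples failing", FAILING_STAPLES),
                      ("staples working", WORKING_STAPLES),
                      ("knives failing", FAILING_KNIVES)):
        d = diagnose(url)
        print(f"{name}: path={d['path']!r} invalid_in_path={d['path_invalid_chars']} "
              f"query_keys={sorted(d['query'])}")
        if d["glued_query"]:
            print("  repaired:", repair_glued_url(url))
    print(build_search_url("http://www.fightingknives.info/fighitngknivesinfo/search-results",
                           Search="a & b"))
```

Two things fall out of running it. On the failing Staples link, `cm_sp` never arrives as a query parameter at all; the server is asked for a resource literally named `670.html&cm_sp=W16_11_017_02UK-_-Na-_-Na`, which is consistent with “No mesh seating here”. On the knives link, the only character the path check can object to is the `&`, so building the link with `?` (or repairing it) makes the path clean and delivers the term as `Request.QueryString["Search"]`, where it is still subject to the framework’s query-string validation rather than bypassing it.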

Thanks Stuart

Three Network’s knowledge server is down…


Knowledge server down…

Other companies might call them web servers… not Three.

Whoops – broken link there @premiumcredit


I needed to sign the agreement for my home insurance – so I popped onto mypremiumcredit.com


Signing a credit agreement on PremiumCredit

I wanted to read the terms and conditions, so I clicked on the terms and conditions link…


Whoops – Now – that looks like JSON.

I will be letting the technical contact for the site know.
