What do “hackers” mean by finding a “vulnerability”? It’s hard to understand how there can be a gap in code that grants that much access.


Thank you guys for all the great answers. I am enlightened. Computers are fascinating to me so this is a real treat!


41 Answers

Anonymous

It seems like movie hacker jargon but code can have vulnerabilities just like any system designed for security, from the guard rotations at a bank to the structural design of a padlock. It just means an oversight in the way a system was designed which allows for it to be used in unintended ways.

A pretty funny code vulnerability back in the early days of the internet which has since been fixed in nearly all websites is called an SQL injection. SQL is a computer language used to request data from a database, and many websites use it to check their database for your login credentials when you enter them to sign in.

A naïve programmer might code their login page like this: they have a line of SQL with a gap in it where the username should go, and when you press “login” on the page the code copies whatever text is in the “username” field directly into the SQL line and sends the request to the database.

Now, here’s the problem: the user doesn’t have to only type their username into that box. If they know SQL and are clever/evil, they can also type in fragments of SQL carefully in such a way that when the text gets pasted into the other SQL code, the full thing reads as two separate lines and the second line can do whatever the user wants to the database, like… delete everyone’s data. Oops.

It’s kind of like walking into a Subway and ordering a sandwich and when the server asks what you want inside you say: ham, swiss cheese, a top bread, a bottom bread, and $500 cash. The server gives you a strange look for a second, but since everything up to the top bread is a valid sandwich and all the bottom breads match up with a top bread, they conclude everything is normal and give you what you ordered.
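The login lookup described in the answer above, as an added example that is not part of the original answer: the naive version pastes the text into the SQL line, and the hardened version sends it through a `?` placeholder so it can only ever be data. The `users` table, its columns, the function names and the sample input are constructed for illustration, and `executescript()` stands in for a database driver that accepts several statements in one request.

```python
import sqlite3

# Constructed sample input: text typed into the "username" box.
CRAFTED = "nobody'; DELETE FROM users; --"

def make_db():
    """In-memory database with a hypothetical users table (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("o'brien", "ob@example.test")])
    db.commit()
    return db

def naive_lookup(db, username):
    """Vulnerable: pastes the text straight into the gap in the SQL line."""
    sql = "SELECT email FROM users WHERE username = '" + username + "';"
    # executescript() stands in for a driver that accepts several
    # statements in one request; it runs every statement it is given.
    db.executescript(sql)
    return sql  # returned so the reader can see what the database received

def safe_lookup(db, username):
    """Hardened: the ? placeholder sends the text as data, never as SQL."""
    row = db.execute("SELECT email FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row[0] if row else None

def user_count(db):
    """Number of rows currently in the users table."""
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def demo():
    """Return (rows left after safe lookup, rows left after naive lookup)."""
    db = make_db()
    safe_lookup(db, CRAFTED)      # treated as an odd username: no match
    after_safe = user_count(db)
    naive_lookup(db, CRAFTED)     # read as two statements; the second runs
    after_naive = user_count(db)
    return after_safe, after_naive

if __name__ == "__main__":
    print(demo())
```

The placeholder version also handles an ordinary name containing an apostrophe, such as `o'brien`, which the pasted version turns into broken SQL.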
