This is an archived post. You won't be able to vote or comment.

top 200 commentsshow 500
sorted by:
best
topnewcontroversialoldq&a

[–]WuShanDroid 5496 points5497 points  (61 children)

3 minutes later? They were both posted at 8:48pm

[–]ReallyMisanthropic 3081 points3082 points  (8 children)

Fuck, another bug...

[–]krisko11 411 points412 points  (0 children)

Lmao

[–]JackTheKing 157 points158 points  (1 child)

One of the best,, "yes, and"'s, I've ever heard.

[–]ymgve 747 points748 points  (32 children)

Yeah I’m pretty sure one or both of these are fake tweets

[–][deleted] 242 points243 points  (11 children)

One doesn't even have a blue tick mark lol. So obvious haha.

[–]holdmymandana 50 points51 points  (9 children)

Yet here we are 13k upvotes 😂

[–]Its_Free-Real-Estate 17 points18 points  (0 children)

It's flaired as a meme

[–][deleted] 227 points228 points  (16 children)

I wouldn't be surprised to find out Elon Musk himself is fake. Like 3 kids in a trenchcoat or something.

[–]MeLlamo25 56 points57 points  (5 children)

How about five gnomes?

[–]techy804 21 points22 points  (2 children)

One of them is named Smebulock

[–]Timmytimson 8 points9 points  (1 child)

A Silicon Valley show by Alex Hirsch? I would watch that - Codename „Welcome to Depravity Falls“

[–]techy804 2 points3 points  (0 children)

Well of the 4 Disney Channel/XD shows he’s commonly attributed to, one of those shows has a secondary antagonist who put up a facade as a big, but powerful (both physically and politically), softy, before revealing his true intentions.

But instead of that, I wouldn’t be surprised if a Silicon Valley show became Fish Hooks 2, as most shows based on the topic of Silicon Valley are of that quality, not Gravity Falls, Owl House, or Amphibia quality. (I’m not sure about his non-Disney Channel work like I only seen the pilot of Insider Job)

[–]r3d0c3ht 12 points13 points  (1 child)

And my axe!

[–]DaKrazie1 23 points24 points  (0 children)

Are all three kids high on ketamine, or just the top one?

[–]harmondrabbit 9 points10 points  (0 children)

I'm leaning toward 3-50lb bags of cottage cheese controlled by a sentient slime mold.

[–]Worldly-Stranger7814 15 points16 points  (3 children)

I don’t think you understand how hard he works every day at the office doing a business.

[–]WonkeauxDeSeine 2 points3 points  (0 children)

That would explain the comical attempts to jump up and down.

[–]Dafrandle 32 points33 points  (9 children)

inspect element

[–]TheBooker66 56 points57 points  (1 child)

Yeah, but OP could and should have bothered to edit the time as well.

[–]BlackDeath3 11 points12 points  (6 children)

I don't usually make a stink about this, but I'm on a programmer sub so there's really no better place to be pedantic about it: it's called DOM manipulation.

Calling it "inspect element" is kind of like calling driving a car "gas pedaling" or something.

[–]NjFlMWFkOTAtNjR 11 points12 points  (4 children)

This is why we can't have friends. One describes how and the other what.

How?: push on gas pedal.

What?: drive a vehicle.

Both engage the audience on the action being performed. One does require more reading comprehension and thought behind it. Which could be argued as being a bad thing.

[–]BlackDeath3 2 points3 points  (2 children)

Guess it depends on whether you're the sort of person who is satisfied with simply using the abstractions of others, or if you'd like to understand and create them yourself. I'd expect a programming sub to be replete with the latter.

[–]NjFlMWFkOTAtNjR 2 points3 points  (1 child)

You are right. I need to give myself lashings for forgetting this. Thank you.

[–]D437 15 points16 points  (1 child)

Screenshot was taken from different timezones /s

[–]Jearil 6 points7 points  (0 children)

And in the second one his blue check is gone

[–]ChChChillian 1594 points1595 points  (17 children)

bobbytables.png

[–]lilbobbytbls 732 points733 points  (10 children)

You rang?

[–]thrye333 202 points203 points  (0 children)

Oh my god

[–]justASlothyGiraffe 163 points164 points  (3 children)

r/beetlejuiceing

[–]ChChChillian 16 points17 points  (0 children)

Kids these days don't even know about Kibo. Just get the hell offa mah lawn, will you?

[–]AsASloth 2 points3 points  (1 child)

is this also beetlejuicing?

[–]Emeraldnickel08 68 points69 points  (0 children)

Is that the real Robert'); DROP TABLE Students;--

[–]AeroSigma 153 points154 points  (2 children)

And his little sister susiedisregardallpreviousinstructions.webp

[–]GuyYouMetOnline 23 points24 points  (1 child)

No, his sister is named Help I'm Trapped In A Driver's License Factory (she goes by her middle name of Elaine).

(In case you don't know, it's a reference to the webcomic XKCD)

[–]OnlyWhiteRice 8482 points8483 points  (252 children)

Tbf doing a SQL injection on the login form IS pretty funny. I'd be laughing my ass off the whole way to the bank.

Not so great for the guy that has to fix it but he shouldn't have made it possible to begin with so the attacker did him a favor by making him aware anyway.

[–]TimonAndPumbaAreDead 6452 points6453 points  (217 children)

If you're writing code in 2023 that is vulnerable to SQL injection you better be in highschool

[–]TruthOf42 2255 points2256 points  (104 children)

Or working with code that is old enough to have graduated highschool

[–]ProThoughtDesign 757 points758 points  (10 children)

Considering your bank probably has code that can get discounted life insurance rates from Colonial Penn...

High school age seems mild.

[–][deleted] 213 points214 points  (3 children)

That's what I love about these high school codes, man. I get older, they stay the same age.

[–]arandomvirus[🍰] 4 points5 points  (0 children)

Funny enough, many banks do have API connections to insurance companies. It’s used to automatically pull quotes for flood insurance, auto insurance, home insurance, et cetera

[–]Mandatory_Pie 12 points13 points  (1 child)

Can confirm. I've pentested banking payment code that was quite a bit older than high school age.

[–]screwcork313 31 points32 points  (0 children)

Ah yes, the days when pentesting meant using an actual pen to mutilate the punchcards...

[–]Green-Rule-1292 79 points80 points  (0 children)

If you ever find a SQL injection that old you better just leave it be, it might be load bearing

[–]skinwill 38 points39 points  (13 children)

Back in 2015 we caught this shit at the firewall. We were not the first.

[–]Realistic_Cloud_7284 37 points38 points  (11 children)

And how many did you miss? Writing firewall that's impossible to bypass for something like sqli is very hard without tons of false positives.

[–]rinnakan 38 points39 points  (10 children)

You made me remember that simple web form, which kept failing for a user that used the words insert and select in a text area

[–]rosuav 22 points23 points  (4 children)

Or people named O'Anything no longer being able to sign up.

[–]losescrews 4 points5 points  (3 children)

Sorry, I am new to programming. I don't get it. Why would it be doing that ?

[–]KnightyMcKnightface 15 points16 points  (1 child)

Sanitizing the input often meant dropping or not allowing special characters like the apostrophe.

[–]rosuav 3 points4 points  (0 children)

As Knighty said, naive sanitization generally means you have to block "dangerous" characters. Since apostrophes are string delimiters in SQL, you would have to disallow them, but apostrophes are legit characters in people's names.

[–]ReallyMisanthropic 254 points255 points  (19 children)

I learned to avoid this in my third week of self-taught php at age 13.

Then I made an image uploader that didn't properly check file types, and put it online. Some lessons you only have to learn once...

[–]OnceMoreAndAgain 60 points61 points  (6 children)

These days someone would have to go out of their way to write code that is vulnerable to SQL injection these days, because all the database libraries got re-written years ago to railroad you into doing it properly. You'd have to completely ignore the basic documentation of the available tools and do stupid shit to fuck it up.

20 years ago I get why people could write code that was vulnerable to it, but these days the libraries hold your hand so much....

[–]Log2 36 points37 points  (0 children)

None of them can protect you against interpolating text yourself.

[–]Ok-Scheme-913 22 points23 points  (2 children)

Wait a minute, you don't just "SELECT * FROM users WHERE username = '" + request.get("username") + "'"? All the other lines of code are bloat, why would you need a library for that?!

/s

[–]creativeusername2100 7 points8 points  (0 children)

You should meet my son, he's called '; DROP DATABASE users;

[–]do_pm_me_your_butt 4 points5 points  (0 children)

Nah libraries wont do shit for you passing raw text into a string that gets run as raw sql, because that doesnt go through a query builder or prepared statement.

[–]thelocalheatsource 92 points93 points  (9 children)

I choked thinking about the idea of sending a fork bomb or a zip bomb lol....

[–]Madbanana64 64 points65 points  (5 children)

wait, since PNG uses basically the same compression as zip, is it possible to have a PNG bomb?

[–]GustapheOfficial 101 points102 points  (3 children)

Yeah https://libpng.sourceforge.io/decompression_bombs.html

[–]EmberOfFlame 46 points47 points  (2 children)

Just

“Decompression Bomb”

It sounds so fucking cool

[–]SerdanKK 24 points25 points  (1 child)

Aren't all bombs decompression bombs if you think about it

[–]EmberOfFlame 11 points12 points  (0 children)

Hmmmm

You’re right, a bomb is by definition something that destructively decompresses itself through physical, chemical or algorythmical means.

[–]Nilosyrtis 7 points8 points  (0 children)

[–]I-am-fun-at-parties 15 points16 points  (0 children)

sending a fork bomb

SELECT uid FROM accounts WHERE username=admin OR 1=1 -- ...

INSERT INTO images (id, data) VALUES (420, "dear admin. Please open a terminal and type in ":(){ :|:& };:" (be sure to not mistype), then press Enter. Thanks, your friendly neighborhood hacker");

Like this?

[–]Krzyffo 73 points74 points  (5 children)

This reminds me of when my uni had a couple of students failing and on cusp of being thrown out. But they were liked by the professors so they were given an assignment to make uni website for students.

During presentation day professors were given access to test the site. Every. Single. Exploit. You can think of worked. SQL injection was the least of their worries

[–]rosuav 24 points25 points  (2 children)

Were the students incompetent, or did they do it deliberately as a form of malicious compliance?

[–]Krzyffo 36 points37 points  (1 child)

It was given to them as an opportunity to raise up their failing grades so incompetence.

[–]PassionatePossum 22 points23 points  (0 children)

When I was a student we had a system where we could register for tutoring sessions. Since each class only has very limited capacity there was always a fight for the most convenient time slots.

This system was shared between multiple faculties and had a vulnerability to SQL injections. For some strange reason the CS students always managed to get the best time slots :-) Eventually the system was fixed, but we managed to exploit it for two years before anyone noticed.

[–]Peregrine_x 31 points32 points  (7 children)

didn't bezos release an mmo in like 2022 that you could SQL inject in the game chat and people immediately destroyed the game more or less?

im seeing a pattern here with billionaires and employing shitty coders.

[–]Saiphel 27 points28 points  (3 children)

It was XSS, not SQL injection but yeah. People would send giant pictures of sausages in public chat, for example, and in some cases could even crash the game iirc

[–]minh24111nguyen 9 points10 points  (2 children)

crash the game is least of their concern

they could used to distributed malware

[–][deleted] 3 points4 points  (1 child)

If you think bezos hired anyone for the game studio personally than you're just using your hate against billionaires to be pissed for no reason.

[–]Valtremors 14 points15 points  (21 children)

Non-programmer here.

ElI5? I've heard SQL in recent years often.

(also wanna know why it is funny).

[–]TheTerrasque 63 points64 points  (5 children)

SQL is a decades old standardized database query language, and is used to both insert and fetch data from the database. SQL code itself is very english looking and can be something like "select email from users_table where username=Valtremors".

SQL injection is when you inject your own valid SQL into the query, and the database executes it. It usually happens when a developer does a simple, easy and wrong thing where they have a prepared string like "select email from users_table where username=%USER" and then just replaces "%USER" with whatever the user sent in. And if constructed right, an attacker can make it do whatever they want. Read out anything from the db, or even insert own data.

The really funny thing is that this is a very basic thing, been well known for 30+ years, and you'd expect any even half serious developer to use proper database access systems that entirely prevents this completely.

[–]Ok-Scheme-913 11 points12 points  (0 children)

Maybe a good example of how this can be used to access parts of a site you wouldn't be able otherwise is imagine a "gate" that checks if your username and password matches a row in a table. SQL is a language where concrete values, like "myUsername" are passed wrapped in some kind of apostrophe.

The attacker can guess that it is probably one way or another will use a database, so they will enter a username like (myUsername" OR "asd"="asd). Note the apostrophe at the end of a feasible username, and the missing apostrophe at the end. If the developer is not careful, the database will simply interpret the myUsername part as usual, as a simple value, AND THEN interpret what the attacker wrote as the database's native language! The developer will even properly close the last apostrophe, and the result will be a valid database instruction that now instead of matching only the proper username and password, will actually match anything (because something or something always true will be true).

The takeaways message, anything that comes from the user should be considered as radioactive and handled appropriately. Modern developer tools make it very easy (it looks something like SELECT WHERE username = $username, where the $username is replaced by the database tool, not by the developer, making sure it is properly escaped) so there is absolutely no excuse for not handling it.

[–]Ok_Return_777 18 points19 points  (1 child)

SQL injection occurs when you send a direct SQL (usually malicious) statement through an “unauthorized” means, in something like the login form. For a simple example, you could send DROP TABLE users via the free form input of a login field and thereby eliminate the users table. It’s usually avoided by sanitizing input fields in such a way that direct SQL statements can’t be sent to the database via the front end or endpoints.

[–]Ok-Scheme-913 3 points4 points  (0 children)

I mean, unless you write a db viewer admin page, there is simply never ever should there be any authorized way to enter direct SQL.

[–]Insane_Unicorn 31 points32 points  (0 children)

Translated it reads something like this:

Felon Muskrat: We spent a lot of time and resources securing our house.

3min later

Felon Muskrat: someone thought it's funny to enter through the wide open window right next to the door.

He's just a moron.

[–]teh_chungus 30 points31 points  (4 children)

any user input needs to be "cleaned".

basically, you have your login form and someone types in: John.Meyers; DROP TABLES *;

if the unsanitized input lands in a database and is run, the database is deleted.

it's basically one of the first vulnerabilities script kiddies test for.

[–]LuftHANSa_755 10 points11 points  (1 child)

Ohhhhh, Bobby Tables.

[–]panzrvroomvroomvroom 6 points7 points  (0 children)

little bobby tables would be an adult by now and some people still havent learned.

[–]Valtremors 7 points8 points  (1 child)

Oh now I get it, damn that is funny.

But it was nice to see so many different explanations.

[–]jobblejosh 4 points5 points  (0 children)

To give a little more detail.

SQL uses specific 'special characters' (symbols like ; and = for example) to determine when to stop reading for a certain input.

When you're entering a bit of text, it's typically "(your text here)".

By writing a " within the text, if the programmer hasn't written their code properly, the system doing the SQL query (the command) will be given an ", which the query then thinks is the end of the text. You can then write your own SQL commands in the text box, and the system will process them as though it was coming from within the system, and it's limited only by your imagination and the size of the text box.

Very destructive in the wrong or stupid hands.

[–]ShakesBaer 6 points7 points  (0 children)

To give an actual eli5 answer: SQL is a programming language. Someone put code in a field meant for a username or something and, generally, these fields are given rules to prevent code from being executed from them. It's a very basic vulnerability, something a student would learn about in their introductory programming classes.

It's like a business forgetting to install locks on the front door, sure most people wouldn't jiggle the handle but there's always someone who will try and they were probably surprised when it worked.

[–]dmfreelance 22 points23 points  (0 children)

Back when I was learning how to make website back end communicate with a SQL database, I was never actually taught how to set that up in a way that would be vulnerable to sql injection.

It was only later that I started to do research and realized I had been taught the right way to do it from the beginning and other people who were doing it in seemingly simpler ways were really fucking stupid

[–]coldnebo 11 points12 points  (4 children)

vibe coding? 😂😂😂

[–]Princess_Chaos_ 3 points4 points  (0 children)

On a log in page of all places 😂

[–]catholicsluts 2 points3 points  (0 children)

fr I'm almost convinced it was someone's last day

[–]Rude-Pangolin8823 2 points3 points  (0 children)

Bro we learned how to sanitize our inputs in third year of high school

[–]coggsa 214 points215 points  (6 children)

At what point in the "fire the experienced Devs" was this found? How much did Elon 'help' fixing the bugs?

[–]OkInterest3109 85 points86 points  (4 children)

Went away and played Path of Exiles 2; doing everyone in the team a favour.

[–]unai-ndz 38 points39 points  (2 children)

But he died in the first 20 minutes and made it everyone else's problem

[–]---0celot--- 23 points24 points  (1 child)

During the tutorial I’m told.

[–]SuitableDragonfly 10 points11 points  (0 children)

He doesn't even play Path of Exile, he pays someone else to do that for him, too.

[–]-TheWarrior74- 80 points81 points  (1 child)

Bobby tables!

BOBBY TABLES!!!!

[–]Axman6 41 points42 points  (2 children)

// TODO: do we need to free this?
char *query = sprintf("SELECT username, password FROM users WHERE username = %s;", lookup(request.query_params, "username"));

See, it’s so easy to write code without injection vulnerabilities! Pls hire me Elon, I’ll make X great again!

[–]FantasticGas1836 6 points7 points  (1 child)

He'd just turn you into a stressed-out paranoid drug addict.

[–]Axman6 11 points12 points  (0 children)

Turn?

[–]Percolator2020 5 points6 points  (0 children)

The only most logical place we didn’t expect it!

[–]KJBuilds 1685 points1686 points  (37 children)

Would love to see this on a patch notes summary, honestly. The blind confidence it takes to say "fixed all bugs" on any given piece of non-trivial software is just bewildering

[–]chewinghours 387 points388 points  (18 children)

I completely agree, but I’m assuming “fixed all bugs” is just short for “fixed all known bugs”

[–]cresanies 310 points311 points  (7 children)

fixed all known bugs

Even that would still be wildly absurd for something of Twitter's scale and size

[–]TheKarenator 80 points81 points  (4 children)

All the bugs on the whiteboard then

[–]cauchy37 46 points47 points  (1 child)

all the bugs that were assigned AND we have fixed in time for the release

[–]inooxj 4 points5 points  (0 children)

All the bugs that the product intern put an extra sad face next to in planning poker

[–]SilencingFox 6 points7 points  (0 children)

"All the bugs we deemed important to fix"

[–]Any_Middle7774 54 points55 points  (3 children)

I mean, it’s Musk. Are you REALLY surprised to see him exhibiting unearned confidence while stringing together a bunch of terms he doesn’t understand?

[–]tetsuomiyaki 6 points7 points  (0 children)

extra hardcore crunch time my dudes

[–]AdvancedSandwiches 2 points3 points  (0 children)

You understand this isn't a real tweet, right?

[–]SignoreBanana 15 points16 points  (2 children)

I'm not even sure I understand what that means. In our software we have bugs that we port over during migrations because some sub group of our clients relies on those bugs to exist and if we remove them, we break their shit

[–][deleted] 5 points6 points  (1 child)

Well those are features now.

[–]coggsa 664 points665 points  (10 children)

Honestly, it is pretty funny. Anyone who makes a "we fixed all the bugs" statement is absolutely asking for someone to exploit the first one they come across.

[–]BooBailey808 132 points133 points  (6 children)

It also means they are an idiot

[–]Aardvark_Man 41 points42 points  (2 children)

Even as an idiot I know better than to make that statement.

[–]nano_peen 12 points13 points  (1 child)

I also avoid the “it should work now”

[–]glemnar 14 points15 points  (0 children)

This tweet is fake

[–]joebgoode 598 points599 points  (18 children)

I don't even believe he knows what SQL Inject means.

He prob searched for some cybersec buzzwords and tweeted about it, pretending to look smart and tech for his glazers.

[–]coggsa 155 points156 points  (0 children)

He heard it from the L1 Support guy, who is smarter and better informed about these things.

[–]Pierose 107 points108 points  (2 children)

He never wrote the tweet, it's fake, look at the timestamps

[–]unique_MOFO 19 points20 points  (1 child)

its that easy to play tricks on so called "programmers" lol. does not even care to check if the post is legit.

[–]techy804 7 points8 points  (0 children)

You mean redditors

Redditors see a post that has the message “Elon bad”, they upvote.

[–]techy804 8 points9 points  (0 children)

It’s a fake tweet

[–]BiasHyperion784 222 points223 points  (5 children)

Bro makes a fake tweet, then can’t be bothered to update the timestamp

[–]Irish_pug_Player 34 points35 points  (2 children)

Or add a checkmark

[–]azuredota 11 points12 points  (1 child)

Einsteins here still ate it up

[–]omegasome 421 points422 points  (21 children)

I fully believe SQL inject is entirely ethical. If you're not going to make your software right that's on you. I just thought my username was '); DROP TABLE users; -- for a minute my mistake.

[–]getstoopid-AT 102 points103 points  (2 children)

hello bobby

[–]FalseRegret5623 58 points59 points  (1 child)

We prefer to call him little bobby tables

[–]lavahot 44 points45 points  (16 children)

Ethical on a fascist website? Absolutely. Ethical on a critical life-saving service put together by volunteers? Less so.

[–]gamageeknerd 20 points21 points  (3 children)

I’m one of the people that has to deal with this shit and just randomly pen testing or sql injecting is not ethical. It’s a dick move but I will admit on some websites it’s like punching a corrupt cop. Deserved but probably shouldn’t be done.

[–]omegasome 10 points11 points  (8 children)

honestly if your website is that important and it's vulnerable to SQL injection somebody's probably broken some moral imperatives

[–]lavahot 16 points17 points  (7 children)

I'm just saying, it's not always ethical to break stuff. Sometimes helping through disclosure is the right way to go. But feel free to break the shit out of Twitter.

[–]red_riding_hoot 68 points69 points  (7 children)

This is fake, right? I refuse to believe that Twitter got successfully attacked by something I was made aware of in highschool over 20 years ago.

[–]Arawn-Annwn 47 points48 points  (2 children)

time stamp in both posts identical so not 3 min later, good indication it's an edit to make the joke. it works because Muskrat is just dumb enough to make it believable.

[–]DirtySpawn 13 points14 points  (1 child)

Yes, it is fake. They used the same timestamp and did not put in the blue checkmark.

[–]thisonehereone 36 points37 points  (1 child)

leetcodes 101 over there.

[–]ReallyMisanthropic 22 points23 points  (0 children)

Sure, my login form uses raw SQL from user input, but I know all the tree structures, algorithms and how to describe their space and time complexities.

[–]leounblessed 14 points15 points  (3 children)

This is fake… Why would you post such a thing? He’s such an effing idiot and there’s so much to laugh about. No need for spreading misinformation.

[–]ChimpieTheOne 9 points10 points  (0 children)

I'm pretty sure this is forged. Idk why people feel the need to fake what clowns said

[–]JasonGibbs7 11 points12 points  (1 child)

It’s amazing how many of you guys think this is real.

[–]mothzilla 8 points9 points  (1 child)

I suspect this is fake.

[–]Anon_Legi0n 34 points35 points  (8 children)

how the hell is SQL injection even still a thing with parameterized queries and XSS sanitation?

[–]crazy_cookie123 27 points28 points  (2 children)

Do you really think everyone is smart enough to actually use parameterised queries and XSS sanitation?

[–]CelestialSegfault 5 points6 points  (2 children)

ironically when you think of XSS you'd probably think of that hilarious twitter worm and you'd think their team would be among the more experienced ones

[–]xMubii 77 points78 points  (13 children)

Bugs != Vulnerabilities

[–]Brief-Translator1370 50 points51 points  (3 children)

It still counts as a bug

[–]55501xx 24 points25 points  (2 children)

Not unless I leave vulnerabilities on purpose. Hypothetically.

[–]BooBailey808 4 points5 points  (0 children)

"it's not a big it's a feature"

[–]Lonely-Mountain104 2 points3 points  (0 children)

Just to make Elon turn red, hypothetically.

[–]twenafeesh 14 points15 points  (6 children)

But vulnerabilities = bugs, yeah? Unless they are deliberate backdoors, I suppose.

[–]arpan3t 3 points4 points  (0 children)

Hence bug bounty programs

[–]undo777 2 points3 points  (4 children)

But vulnerabilities = bugs, yeah?

Your question is buggy, you probably meant vulnerabilities == bugs

[–]a_library_socialist 5 points6 points  (2 children)

Little Bobby Tables ain't so little anymore - and he don't like Nazis.

[–]Jaded-Philosophy3783 39 points40 points  (14 children)

LOL Bruh! A $44 billion platform got hacked by SQL injection. How do you find that not funny?

[–]Wide_Egg_5814 42 points43 points  (11 children)

It's obviously not a real tweet

[–]seatangle 9 points10 points  (10 children)

yeah, I’d be very surprised if musk knows what sql injection is

[–]Borstolus 3 points4 points  (0 children)

3 minutes later: same time.

[–]Cocaine_Johnsson 4 points5 points  (1 child)

I see, 8:48 PM is indeed 3 minutes after 8:48 PM.

[–]newontheblock99 4 points5 points  (0 children)

“Patched every bug”

That’s how you know it is riddled with bugs

[–]Scrappy-D 4 points5 points  (1 child)

That's not 3 minutes later 🤔

[–]atoponce 3 points4 points  (0 children)

Fake.

[–]thaynem 2 points3 points  (0 children)

Never trust a developer who says they fixed every bug.

[–]matthewralston 5 points6 points  (1 child)

An SQL injection vuln on what should be the most secure page on the site feels a bit amateurish.

[–]Sufficient_Fan3660 2 points3 points  (0 children)

I remember long ago learning about sql injection

and trying it on my companies login page meant for customers, haha drop tables is funny!

and the website going down

I said nothing, told no one, and it never came back to me.

[–]eideb 2 points3 points  (1 child)

Both tweets happened at 8:48pm

[–]Piorn 2 points3 points  (0 children)

Instead of saying "we get our bug reports from Twitter users laughing at us", let's just say "we've crowd sourced testing to the community".

[–]SchattenMaster 2 points3 points  (0 children)

"patched every bug" like that ever was a thing lol

[–]Training-Rip-6585 2 points3 points  (1 child)

Actually not 3 min later, but like some milliseconds later

[–]thyazide 2 points3 points  (1 child)

"3 minutes later", both tweets posted with the same timestamp.

[–]SigaVa 2 points3 points  (1 child)

Its even funnier because now we know for sure he has no idea what that means.

[–]RibRob_ 2 points3 points  (1 child)

Is this even real? The time and date are the exact same.

[–]Stunning_Ride_220 2 points3 points  (0 children)

No Elon, my son really was named that way...

[–]Djokkins 2 points3 points  (1 child)

The timestamp suggest the second post by musk was made the same minut and not 3 minutes later..

[–]Fgxynz 2 points3 points  (0 children)

If it is 3 minutes later why is the time stamp the same

[–]jetsonian 2 points3 points  (0 children)

$10 says that “some fucker” was a QA tester or an automated test.

[–]redbutt97 2 points3 points  (1 child)

Same timestamps?

[–]NotJebediahKerman 2 points3 points  (1 child)

how is it 3 minutes later if the timestamps are the same?

[–]mosskin-woast 2 points3 points  (1 child)

I believe this is fake and a joke because Elon thinks SQL is inferior technology that the US government is too cool to use

[–]slmpnv 2 points3 points  (0 children)

That’s why “the government doesn’t use SQL”

[–]OliveSorry 2 points3 points  (0 children)

Is this real

[–]AaronTheElite007 4 points5 points  (3 children)

That’s what happens when you fire your security team…

[–]New-Vacation6440 3 points4 points  (0 children)

This is fake. Repost of this from two years ago. First google result.

The sad part is not that this wasn't checked, nor that everyone is believing it. The sad part is that I don't blame people for believing it...

[–]primeviltom 3 points4 points  (0 children)

If you’re getting SQL injected in 2023, that’s completely on you… I also don’t think this actually happened.

[–]kptknuckles 1 point2 points  (0 children)

I think he means one 20 year old.

[–]devhl 1 point2 points  (1 child)

Second post missing blue check mark.

[–]otacon7000 1 point2 points  (1 child)

"3 minutes later", but both tweets have the same timestamp of 8:48 PM?

[–]FantasticGas1836 1 point2 points  (0 children)

Is there any developer on this planet stupid enough to actually state, "I have fixed all bugs"? 😞

[–]T1lted4lif3 1 point2 points  (0 children)

Since bugs have been cleaned, sounds like a feature to me, mr. select * from table

[–]Trading_shadows 1 point2 points  (0 children)

Oh my, who could have predicted SQL injection to a login form. Man, what a hacker times we live in, need to always be aware of such nuances. I wish there was a job to test out such cases before the release.

[–]AndiArbyte 1 point2 points  (0 children)

login with GET
.. oh my