"One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.” "

    • Yoddel_Hickory@lemmy.ca · ↑69 · 9 days ago

      If SQL injection is picking a lock, this is entering through an unlocked door.

      Not sophisticated at all; authentication on API routes is way earlier on the security checklist than SQL query sanitisation. This site is amateur work.

    • Fiestorra@discuss.tchncs.de · ↑31 · 9 days ago

      Much, much simpler: with a SQL injection at least you have to bypass the filters set; this is just submitting the changes through an API and the DB just eats it up.

      • otp@sh.itjust.works · ↑27 · 9 days ago

        SQL injection is like picking a lock.

        This is like trying to open the door and finding out there’s no lock.

        The door isn’t necessarily obviously visible, but most buildings do tend to have doors.

        Borrowed and expanded upon another commenter’s metaphor
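The "unlocked door" the commenters above describe, as an added example that is not from the thread or from the site it discusses: two versions of a write route against a constructed in-memory SQLite table. Both use a parameterised query, so SQL injection is not the issue; only the second checks a (hypothetical) bearer token before touching the database.

```python
import hmac
import sqlite3

# Constructed in-memory table standing in for the site's database.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")

# Hypothetical token held by the legitimate admin client. A real deployment
# would issue and verify credentials through its identity layer, not a set.
VALID_TOKENS = {"example-admin-token-not-a-real-secret"}


def insert_entry_unprotected(request):
    """The 'no lock' route: the SQL is parameterised, so injection fails,
    but nothing checks who is calling, so anyone who finds the endpoint
    can write to the table."""
    conn.execute("INSERT INTO entries (body) VALUES (?)", (request["body"],))
    conn.commit()
    return 201


def insert_entry_protected(request):
    """Same query, but the caller is authenticated before any write happens."""
    header = request.get("headers", {}).get("Authorization", "")
    token = header[len("Bearer "):].strip() if header.startswith("Bearer ") else ""
    # compare_digest keeps the token comparison constant-time.
    if not any(hmac.compare_digest(token, t) for t in VALID_TOKENS):
        return 401  # rejected before the database is touched
    conn.execute("INSERT INTO entries (body) VALUES (?)", (request["body"],))
    conn.commit()
    return 201


def entry_count():
    """Number of rows currently in the table, to show which requests landed."""
    return conn.execute("SELECT COUNT(*) FROM entries").fetchone()[0]


if __name__ == "__main__":
    # A request carrying no credentials at all.
    anon = {"body": "anonymous write", "headers": {}}
    print(insert_entry_unprotected(anon), entry_count())  # lands: 201, 1 row
    print(insert_entry_protected(anon), entry_count())    # refused: 401, still 1
```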