Skip to content

Posts tagged ‘facepalm’


Safekeeper Hotel Safe Bypass Video

I spent a week in Hawaii on the way back from Blackhat and Defcon in Las Vegas, and my hotel room had a Safekeeper key-lock safe that you had to pay $5 a day to use. Turns out the safe was perfectly usable without the key – which I guess nullifies the safe’s entire purpose. Although it had a Medeco lock, the lock wasn’t really necessary, I used a paperclip as my ‘key’. There must have been something really wrong with the way the plug was installed, I’d be horrified if this ‘attack’ worked on all of these safes. Unfortunately I only had the one in my room to play with.

Check out my demo video below for some facepalm-worthy safe bypass action!

[Updated] A guy called Brad found that his electronic hotel safe could be opened using an all-zero passcode.


When SQL injection becomes too easy

Monkey FacepalmWhen surfing around the net I recently came across a website that appeared to use some kind of simplified database query as part of the GET request. This got me thinking about what would’ve been possible if the developers had been stupid enough to pass an actual SQL query in the URL.

Turns out that some websites actually do this!  See Monkey Facepalm picture.

A quick Google search with the following terms will bring back a number of pages that use SQL queries as GET parameters:

inurl:select inurl:where inurl:%20

One of the results, from Washington State University: sqlQuery=SELECT%20author%2C%20title%2C%20year %2C%20publication%2C%20volume%2C%20pages%20 FROM%20refs%20WHERE%20serial%20RLIKE%20%22. %2B%22%20ORDER%20BY%20author%2C%20year%20 DESC%2C%20publication&submit=List&citeStyle=APA& citeOrder=&orderBy=author%2C%20year%20DESC

decodes to: author, title, year, publication, volume, pages FROM refs WHERE serial RLIKE “.+” ORDER BY author, year DESC, publication&submit=List&citeStyle=APA&citeOrder=&orderBy=author, year DESC

Now, how many databases with with full admin privileges? I think I also spotted some ecommerce sites doing this too… passwords and credit card numbers anyone?