curl -I www.reddit.com HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Se... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		citricsquid on Dec 7, 2012 \| parent \| context \| favorite \| on: HTTP Headers For Fun & Profit curl -I www.reddit.com `HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: '; DROP TABLE servertypes; -- Date: Fri, 07 Dec 2012 10:30:26 GMT Connection: keep-alive`

cpsales on Dec 7, 2012 [–]

Haha, brilliant!

Selfcommit on Dec 7, 2012 | [–]

I don't get it - What am I missing?

citricsquid on Dec 7, 2012 | | [–]

    Server: '; DROP TABLE servertypes; --

It's a mysql injection. If someone was scraping headers and logging them and wasn't validating the input -- and their database was named "servertypes" -- it would delete the database.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact