In Sweden’s latest election, a small group of crafty programmers appear to have attempted to hack the voting database with a pen-and-paper attack.
While most people use pre-printed ballot papers to vote with, the country’s election law dictates that you’re allowed to write your vote out by hand, and one person seems to have tried to take advantage of this, to use an SQL injection to destroy the database.
The election was very close, and so the election authority has published all the pen-and-paper votes online, anonymised, for full transparency. Scanning through them, blogger Jonas Elfström noticed the following line: “;13;Hallands län;80;Halmstad;01;Halmstads västra valkrets;0904;Söndrum 4;pwn DROP TABLE VALJ;1”.
The DROP TABLE command in an SQL database deletes the entire table of votes when it is entered, which means that had the electoral commission not been careful, it could have wiped the entire election records. This has become known as a “Little Bobby Tables attack”, after webcomic XKCD brought it to greater attention. It requires you to know, or successfully guess, the name of the database, however, which may have been why it failed.
Let this be a lesson to all you coders out there. Sanitise your database inputs.
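As an added illustration (not code from the article or from the election authority), the sketch below stores a handwritten vote in SQLite once by pasting it into the SQL string and once with bound parameters, which is the usual way to keep input from being read as SQL. The table name VALJ comes from the quoted line; the column layout, the function names and the `CONSTRUCTED` value are assumptions made for the example.

```python
import sqlite3

# The record quoted in the article; fields are separated by semicolons.
ARTICLE_LINE = (";13;Hallands län;80;Halmstad;01;Halmstads västra valkrets;"
                "0904;Söndrum 4;pwn DROP TABLE VALJ;1")
# Constructed value in the style of the XKCD comic: it closes the string
# literal before the DROP TABLE text.
CONSTRUCTED = "x', 1); DROP TABLE VALJ; --"

def new_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical schema; only the table name appears in the article.
    db.execute("CREATE TABLE VALJ (district TEXT, written_vote TEXT, n INTEGER)")
    return db

def parse(line):
    fields = line.split(";")
    return fields[8], fields[9], int(fields[10])

def store_unsafe(db, district, text, count):
    # Vulnerable: the voter's text becomes part of the SQL statement itself.
    db.executescript(
        f"INSERT INTO VALJ VALUES ('{district}', '{text}', {count});")

def store_safe(db, district, text, count):
    # Hardened: placeholders bind the text as data, never as SQL, and
    # execute() refuses to run more than one statement.
    db.execute("INSERT INTO VALJ VALUES (?, ?, ?)", (district, text, count))

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type='table' AND name='VALJ'").fetchone()
    return row[0] == 1

def demo():
    district, text, count = parse(ARTICLE_LINE)
    out = {}
    db = new_db(); store_unsafe(db, district, text, count)
    out["unsafe_article_text"] = table_exists(db)   # no quote, stays a string
    db = new_db(); store_unsafe(db, district, CONSTRUCTED, count)
    out["unsafe_constructed"] = table_exists(db)    # table is gone
    db = new_db(); store_safe(db, district, CONSTRUCTED, count)
    out["safe_constructed"] = table_exists(db)      # table survives
    out["stored"] = db.execute("SELECT written_vote FROM VALJ").fetchone()[0]
    return out

if __name__ == "__main__":
    print(demo())
```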
Thanks to Karolina and Andy for help with this story.