Bobby Tables Meets Password Breach
We’ve all seen the “Little Bobby Tables” comic, explaining the perils of unsanitised input, SQL injection. Now, what if we were to turn the tables on attackers with this exact method? Maybe make your password be something with a comma, so all the CSV dumps that are bought and sold break?
Is that all it would take to mess with one or two attackers? Adding a ‘,’ to your password, your username? Maybe find a super weak site you know will be exploited and create a fake account like this?
Who wants to (or has) given this a try?