May 21, 03:43 PM 
514 Chai Chee Lane 03-16, Singapore 469029 Things got a little carnal for Prime Supermarket in the interwebz.
Prime Supermarket, of fresh food and competitive prices, got hacked and as usual, Reddit has got all the scoop. This was uploaded yesterday.
Source: Reddit Singapore
We did our due diligence (ie: a Google search) at 2pm and found that the supermarket has stopped serving MILF porn.
Instead, it is now offering lesbian porn.
However, its website shows no signs of defacement; oysters are still as juicy and cucumbers still as long and thick.
Reddit user 8bitlisa wrote that this could be a SQL injection, which is basically a form of low level website hack.
"SQL Injection is a type of attack that exploits a certain type of vulnerability. This vulnerability can exist in any website that uses a database (most websites use a database) if the developer doesn't safeguard against it. A database is a system where data is stored - sometimes this includes the text on the site. Databases (commonly) use a language called SQL. SQL commands look like this:
select data from products where name = "hairbrush";
This will look for data in a table called "products" where the product name is "hairbrush". This sort of command could be used, say, for the search functionality on a website. A user of the website can search for "hairbrush" and that phrase will be used the SQL command. So the program gets hairbrush data out of the database and displays it on the wesbite.
But what if somebody types this in the box?
hairbrush"; delete from products; --
That will get fed into the command like this:
select data from products where name = "hairbrush"; delete from products; --"
This will run two commands: the "select" one as before, and also a "delete" one which will delete everything from the products table! (The little -- at the end means "ignore everything til the end of the line" so the remaining " character doesn't cause a problem.)
This is called SQL injection as you are sneakily injecting SQL commands into the database. This could be used for all sorts of malicious purposes as it effectively gives you access to the database. So you could retrieve user data, or you could gain access to system passwords, or you could delete all the important data from the system, for example.
This exploit can be prevented by the developer by "sanitising" the inputs, i.e. removing any special characters that have meaning in SQL (i.e. " and ;). That's basically entry level website development knowledge IMHO so someone's really cocked up here.
In the error in the comment above, MySQL is a type of database. The error shows that either 1) someone has used SQL injection to destroy the database, so the website can no longer connect to it or 2) the owners have realised and turned off the db (and therefore the website) in order to prevent further damage." (emphasis mine)
Another check at 3:45pm, Prime is SFW again.
Well, it was fun while it lasted.
Top photo from here.
If you like what you read, follow us on Facebook and Twitter to get the latest updates.
If you like what you read, follow us on Facebook, Instagram, Twitter and Telegram to get the latest updates.