If you haven’t noticed, the Bugcrowd logo kind of looks like a jack-o’-lantern, which is really convenient because it’s almost Halloween.

It’s going to be a great Halloween, I can feel it in my bones! If you haven’t noticed yet, my favorite thing about Halloween is that it gives me an excuse to drive everyone batty by making excessive Halloween puns. They’re very humerus. I’ve also got some vampire puns, but they suck.

Anyway, the marketing team at Bugcrowd asked me to write about a spook-tacular bug that I’ve seen recently, so let’s get startled, shall we?

It was a cold and dreary night, the full moon was filtering through my blinds. I was up late, staring at my computer scream, when suddenly a new submission appeared in my triage queue. An SQL injection no less, the hallow-queen of all spooky bugs.

Validate it, I did. Crimson-colored text spurted across my screen, AAAAAHHHHH! PERSONALLY IDENTIFIABLE INFORMATION! A witch busted through my door, cackling as a lightning strike lit up her resting witch face. “That appears to be a blind SQL injection which can be used to pilfer customer data!” she said. I nodded. She was dead right.

I got goosebumps, my hairs stood on end. My finger hovered over the P1 button, I clicked it.

“Phew, all triaged,” said the witch as she rode off on her broom. I took a deep breath and leant back in my chair, pleased with myself. Time for some pumpkin soup.

About the Author: Luke Stephens is a father, husband, hacker, pen tester, and full-time Application Security Engineer and Quality Assurance Training Manager at Bugcrowd.