lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski)
Subject: NASA.GOV SQL Injections

> Dont you think that some people in nasa might also be reading this list?

Hmm if I was in the top 1% of the smartest people in the world, I don't
know if I'd have the time to read all the flames and spam that occur on
this list.  They probably have a team of their own computer geniuses
auditing code on a daily basis, at which point it's only a matter of
time before they realize the flaw.

> Just because you can cause a sql error it doesnt necessarily mean you have found a security flaw: it might not be possible to
> exploit it...

Hopefully they haven't given the user any privileged access (to delete, call shell functions, etc.), 
but come on though, if it's possible to inject SQL code there's most likely some way to exploit at least the database.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ