| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Aug 4 19:24:50 2005 From: toddtowles at brookshires.com (Todd Towles) Subject: taking their revenge @ cisco It have nothing to do with a IOS at all. All the other SQL injection that happen in the world have nothing to do with Cisco IOS flaws. This is a pure case of the search function being open to SQL injection. Therefore it is a design/code problem in one of the three web-app tiers of the website. It most likely have been vunlerable for a while, but now that Cisco isn't playing nice..people are looking closer at their site. > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf > Of Frank Knobbe > Sent: Thursday, August 04, 2005 1:06 PM > To: Michael Holstein > Cc: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] taking their revenge @ cisco > > On Wed, 2005-08-03 at 11:19 -0400, Michael Holstein wrote: > > * This incident does not appear to be due to a > weakness in Cisco > > products or technologies. > > > > (gotta love that last bullet) > > And that's probably correct. I doubt they got the password > due to a router flaw. Doesn't Cisco use Oracle as their > backend DB for their websites? That would certainly explain > the weak DB security.... > > Ooooh.... Cisco suing Oracle. Now that'd be fun to watch. > > Cheers, > Frank > > > -- > Ciscogate: Shame on Cisco. Double-Shame on ISS. >
Powered by blists - more mailing lists