Open Source and information security mailing list archives
 
From: justin-fulldisclosure at soze.net (Justin)
Subject: Sql Injection big5 consultancy

Blue Boar (2003-06-23 16:21Z) wrote:

> joseph blater wrote:
> >What should I do? Tell them their whole HR system is vulnerable and face 
> >the risks of being charged for something?
> >Although owning certs from most vendors, I never got to work for a top5. 
> >Shall I take the risk and use this vuln to help me get a job?
> 
> Well, considering that they're called that because there are only 5 or so 
> of them... and that they all have pen test people who read this list... I 
> would guess that this problem will take care of itself.

Maybe, just maybe, one of the "pen test people" you presume are trolling
their halls might read this thread and notice the problem.  But the
chances of such people existing are rather slim given that they had SQL
injection problems to start with.

Chances are, if he doesn't report it, they'll never know anything is
wrong unless/until someone hacks them and does noticeable damage, or
unless they hire someone with a clue who audits their web server logs.

-- 
Freedom's untidy, and free people are free to make mistakes and commit
crimes and do bad things.  They're also free to live their lives and do
wonderful things.   --Rumsfeld, 2003-04-11
