From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski)
Subject: NASA.GOV SQL Injections

> Don't you think that some people in NASA might also be reading this list?

Hmm, if I was in the top 1% of the smartest people in the world, I don't know if I'd have the time to read all the flames and spam that occur on this list. They probably have a team of their own computer geniuses auditing code on a daily basis, at which point it's only a matter of time before they realize the flaw.

> Just because you can cause a SQL error it doesn't necessarily mean you have found a security flaw: it might not be possible to
> exploit it...

Hopefully they haven't given the user any privileged access (to delete, call shell functions, etc.), but come on though, if it's possible to inject SQL code there's most likely some way to exploit at least the database.