Message-ID: <DJENKFIHHBCPJPMDNMFGAEOBDDAA.russs@unipalm.co.uk>
From: rspooner at unipalm.co.uk (Russ Spooner)
Subject: NASA.GOV SQL Injections
Don't you think that some people in NASA might also be reading this list?
Just because you can cause a SQL error it doesn't necessarily mean you have found a security flaw: it might not be possible to
exploit it...
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of
mcbethh@...pl
Sent: 15 October 2003 19:24
To: Lorenzo Hernandez Garcia-Hierro
Cc: full-disclosure
Subject: Re: [Full-Disclosure] NASA.GOV SQL Injections
On Wed, 15 Oct 2003 01:45:02 +0200
"Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@...g-security.com> wrote:
> Hi all again,
> http://liftoff.msfc.nasa.gov/toc.asp?s=Tracking'
> admits SQL characters injection but seems not easy to include
> successful queries
> security of NASA websites sucks (sucks the web app security...)
Man... Who, other than nasa.gov itself, is affected by this bug?!
Why are you posting it here? You didn't even contact the nasa.gov
admins... Hehehe.. It is obvious that my theory about you wanting fame
is correct. I remember a similar post some time ago.. Some wise person
asked 'if you find a server with wuftpd 2.4.2, do you send a post to
full-disclosure that that host is vulnerable?'
Think, dude.
mcbethh