| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101130155928.25b5cea6@angelo.pretender.us> Date: Tue, 30 Nov 2010 15:59:28 -0800 From: Reed Loden <reed@...dloden.com> To: Maciej Gojny <vuln@...ko-security.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: new facebook SQL injection vulnerability What I believe Benji is saying is that it looks (from the little information you posted) like you just found a SQL injection in a facebook app, which is not the same thing as finding a SQL injection in facebook.com's actual code. Apps are not run by facebook, so it's unsurprising that some random app would have a SQL injection vulnerability. ~reed On Wed, 1 Dec 2010 00:51:35 +0100 Maciej Gojny <vuln@...ko-security.com> wrote: > Benji@ > > I dont understand You, I have access to whole DB... so go to school.. bye > > regards, > > Maciej > > Wiadomość napisana przez Benji w dniu 2010-12-01, o godz. 00:47: > > > so if I upload a 'hacked by benji' html file to my google sites account, by your logic this would count as hacking Google. > > > > Cant wait to see The Register report about this. > > > > 2010/11/30 Maciej Gojny <vuln@...ko-security.com> > > Hello Full Disclosure ! > > > > Today i have found next SQL injection in facebook.com > > > > Details: > > > > http://blog.ariko-security.com/?p=82 > > > > Full advisory will be released soon! > > > > Regards, > > > > Maciej Gojny _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists