Full Disclosure mailing list archives
RE: NASA.GOV SQL Injections
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Fri, 17 Oct 2003 09:08:07 -0400
> Don't you think that some people in NASA might also be reading this list?
Hmm if I was in the top 1% of the smartest people in the world, I don't know if I'd have the time to read all the flames and spam that occur on this list. They probably have a team of their own computer geniuses auditing code on a daily basis, at which point it's only a matter of time before they realize the flaw.
> Just because you can cause a SQL error it doesn't necessarily mean you have found a security flaw: it might not be possible to exploit it...
Hopefully they haven't given the user any privileged access (to delete, call shell functions, etc.), but come on though, if it's possible to inject SQL code there's most likely some way to exploit at least the database.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html