Full Disclosure mailing list archives
RE: taking their revenge @ cisco
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 4 Aug 2005 13:24:37 -0500
It has nothing to do with IOS at all. All the other SQL injections that happen in the world have nothing to do with Cisco IOS flaws. This is a pure case of the search function being open to SQL injection. Therefore it is a design/code problem in one of the three web-app tiers of the website. It has most likely been vulnerable for a while, but now that Cisco isn't playing nice... people are looking closer at their site.
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Frank Knobbe
Sent: Thursday, August 04, 2005 1:06 PM
To: Michael Holstein
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] taking their revenge @ cisco

On Wed, 2005-08-03 at 11:19 -0400, Michael Holstein wrote:
> * This incident does not appear to be due to a weakness in Cisco products or technologies.
>
> (gotta love that last bullet)

And that's probably correct. I doubt they got the password due to a router flaw. Doesn't Cisco use Oracle as their backend DB for their websites? That would certainly explain the weak DB security.... Ooooh.... Cisco suing Oracle. Now that'd be fun to watch.

Cheers,
Frank

--
Ciscogate: Shame on Cisco. Double-Shame on ISS.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/