Full Disclosure mailing list archives
RE: taking their revenge @ cisco
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 4 Aug 2005 14:26:45 -0500
Well, I won't fight that one. But web-app holes are well understood and are not related to problems found in the IOS. I really don't see how people can confuse them.
-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Michael Holstein Sent: Thursday, August 04, 2005 2:01 PM To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] taking their revenge @ ciscoIt have nothing to do with a IOS at all. All the other SQLinjectionthat happen in the world have nothing to do with Cisco IOSflaws. Thisis a pure case of the search function being open to SQL injection. Therefore it is a design/code problem in one of the three web-app tiers of the website.Yeah .. but I guess their "Self Defending Network" well, um ... DIDN'T. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- taking their revenge @ cisco Michael Holstein (Aug 03)
- Re: taking their revenge @ cisco Frank Knobbe (Aug 04)
- Re: taking their revenge @ cisco Chris Adams (Aug 04)
- <Possible follow-ups>
- RE: taking their revenge @ cisco Todd Towles (Aug 04)
- Re: taking their revenge @ cisco Michael Holstein (Aug 04)
- Cisco Self Defending Network Travis Good (Aug 04)
- Re: taking their revenge @ cisco Michael Holstein (Aug 04)
- RE: taking their revenge @ cisco Todd Towles (Aug 04)
- Re: taking their revenge @ cisco Frank Knobbe (Aug 04)