Full Disclosure mailing list archives
Re: Knorr.de SQL Injection and XSS Vulnerabilities
From: Sebastian Bauer <sbauer () gjl-network net>
Date: Fri, 02 Mar 2007 15:46:22 +0100
The point why I rated those problems as high risk was that due to this problems free access to all user data was possible. And problems that will offer any kind of user data (including unencrypted passwords) is a significant security risk from my point of view (see the latest problems regarding StudiVZ). A lot of people are using the same password for websites, email and so on. And getting a password using this security hole makes it also possible to log in to a lot of email accounts that don't belong to you. -- ============================== Sebastian Bauer http://blog.gjl-network.net Zitat von Knud Erik Højgaard <kokanin () gmail com>:
On 3/2/07, sbauer () gjl-network net <sbauer () gjl-network net> wrote:Significance: Very CriticalFor who, the sauce-people? Not for me.All problems found have been discussed with Unilever, the mother company of Knorr and have been fixed before the release of this document.Sooo, why should anyone besides you and the sauce-people care? -- kokanin
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Knorr.de SQL Injection and XSS Vulnerabilities sbauer (Mar 02)
- Re: Knorr.de SQL Injection and XSS Vulnerabilities Knud Erik Højgaard (Mar 02)
- Re: Knorr.de SQL Injection and XSS Vulnerabilities Sebastian Bauer (Mar 02)
- Re: Knorr.de SQL Injection and XSS Vulnerabilities Joe Hancock (Mar 02)
- Re: Knorr.de SQL Injection and XSS Vulnerabilities Michal Zalewski (Mar 02)
- Re: Knorr.de SQL Injection and XSS Vulnerabilities Lolek of TK53 (Mar 04)
- Re: Knorr.de SQL Injection and XSS Vulnerabilities poo (Mar 05)
- Re: Knorr.de SQL Injection and XSS Vulnerabilities Knud Erik Højgaard (Mar 02)