Full Disclosure mailing list archives
Re: new facebook SQL injection vulnerability
From: Benji <me () b3nji com>
Date: Tue, 30 Nov 2010 23:57:14 +0000
No, you've found a vuln in a Facebook App. Aka a 3rd party script included via iframe to a directory at apps.facebook.com. So no access to real Facebook.com databases/servers, probably just a dreamhost account. 2010/11/30 Maciej Gojny <vuln () ariko-security com>
Benji@ I dont understand You, I have access to whole DB... so go to school.. bye regards, Maciej Wiadomość napisana przez Benji w dniu 2010-12-01, o godz. 00:47: so if I upload a 'hacked by benji' html file to my google sites account, by your logic this would count as hacking Google. Cant wait to see The Register report about this. 2010/11/30 Maciej Gojny <vuln () ariko-security com>Hello Full Disclosure ! Today i have found next SQL injection in *facebook.com* * * *Details:* * * http://blog.ariko-security.com/?p=82 Full advisory will be released soon! Regards, Maciej Gojny Ariko-Security Rynek Glowny 12 32-600 Oswiecim tel:. +48 33 4741511 mobile: +48 784086818 (Mo-Fr 10.00-20.00 CET) Ariko-Security Sp. z o.o. z siedzibą w Oświęcimiu , zarejestrowana przez Sąd Rejonowy dla m. Krakowa-Śródmieścia, XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS: 00000358273, NIP: 549-239-90-67, REGON 121262172 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/Ariko-Security Rynek Glowny 12 32-600 Oswiecim tel:. +48 33 4741511 mobile: +48 784086818 (Mo-Fr 10.00-20.00 CET) Ariko-Security Sp. z o.o. z siedzibą w Oświęcimiu , zarejestrowana przez Sąd Rejonowy dla m. Krakowa-Śródmieścia, XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS: 00000358273, NIP: 549-239-90-67, REGON 121262172
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)
- Re: new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)
- Re: new facebook SQL injection vulnerability Reed Loden (Nov 30)
- Re: new facebook apps SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)
- Re: new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)