Full Disclosure mailing list archives

Re: adobe.com important subdomain SQL injection again!


From: Chris Evans <scarybeasts () gmail com>
Date: Tue, 21 Dec 2010 13:21:10 -0800

On Sat, Dec 18, 2010 at 3:30 PM, Victor Rigo <victor_rigo () yahoo com> wrote:

Let's see, flash is:

- Cross-platform
- Cross-architecture
- Has its own programming language
- Is embedded on websites
- Access to javascript to popup, local caches, etc.

It's not ineptness, it's what you get when you write software that can
actually do stuff.

If Java applets were still the hip thing, you'd see the same thing about
that.

Victor Rigo, CISSP


This insight reminds me, I really must get around to going up for my CISSP.




Computer Security Consultant
+5411-4316-1900
Buenos Aires, Argentina

--- On *Sat, 12/18/10, Jeffrey Walton <noloader () gmail com>* wrote:


From: Jeffrey Walton <noloader () gmail com>
Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection again!
To: "Maciej Gojny" <vuln () ariko-security com>
Cc: full-disclosure () lists grok org uk
Date: Saturday, December 18, 2010, 5:53 PM


On Sat, Dec 18, 2010 at 11:58 AM, Maciej Gojny <vuln () ariko-security com> wrote:
hello full disclosure!

After six months from the first contact with Adobe security team, important
adobe.com subdomain is still vulnerable to SQL injection attacks. We hope
that this time, serious people will try to solve the problem.
There's a reason Adobe is the most attacked software [1,2], and it's
probably because they write the most vulnerable software (or
adversaries are looking for a challenge, which seems less intuitive
and highly unlikely to me).

It appears "insecurity" is an enterprise wide practice, and not just
limited to their software.

Jeff

[1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009)
http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/

[2] "Adobe predicted as top 2010 hacker target" (Dec 2009)
http://www.theregister.co.uk/2009/12/29/security_predictions_2010/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


