Full Disclosure mailing list archives
Re: new facebook SQL injection vulnerability
From: Reed Loden <reed () reedloden com>
Date: Tue, 30 Nov 2010 15:59:28 -0800
What I believe Benji is saying is that it looks (from the little information you posted) like you just found a SQL injection in a facebook app, which is not the same thing as finding a SQL injection in facebook.com's actual code. Apps are not run by facebook, so it's unsurprising that some random app would have a SQL injection vulnerability. ~reed On Wed, 1 Dec 2010 00:51:35 +0100 Maciej Gojny <vuln () ariko-security com> wrote:
Benji@ I dont understand You, I have access to whole DB... so go to school.. bye regards, Maciej Wiadomość napisana przez Benji w dniu 2010-12-01, o godz. 00:47:so if I upload a 'hacked by benji' html file to my google sites account, by your logic this would count as hacking Google. Cant wait to see The Register report about this. 2010/11/30 Maciej Gojny <vuln () ariko-security com> Hello Full Disclosure ! Today i have found next SQL injection in facebook.com Details: http://blog.ariko-security.com/?p=82 Full advisory will be released soon! Regards, Maciej Gojny
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)
- Re: new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)
- Re: new facebook SQL injection vulnerability Reed Loden (Nov 30)
- Re: new facebook apps SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)
- Re: new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)