[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] new facebook SQL injection vulnerability
- To: Maciej Gojny <vuln@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] new facebook SQL injection vulnerability
- From: Reed Loden <reed@xxxxxxxxxxxxx>
- Date: Tue, 30 Nov 2010 15:59:28 -0800
What I believe Benji is saying is that it looks (from the little
information you posted) like you just found a SQL injection in a
facebook app, which is not the same thing as finding a SQL injection in
facebook.com's actual code. Apps are not run by facebook, so it's
unsurprising that some random app would have a SQL injection
vulnerability.
~reed
On Wed, 1 Dec 2010 00:51:35 +0100
Maciej Gojny <vuln@xxxxxxxxxxxxxxxxxx> wrote:
> Benji@
>
> I dont understand You, I have access to whole DB... so go to school.. bye
>
> regards,
>
> Maciej
>
> Wiadomość napisana przez Benji w dniu 2010-12-01, o godz. 00:47:
>
> > so if I upload a 'hacked by benji' html file to my google sites account, by
> > your logic this would count as hacking Google.
> >
> > Cant wait to see The Register report about this.
> >
> > 2010/11/30 Maciej Gojny <vuln@xxxxxxxxxxxxxxxxxx>
> > Hello Full Disclosure !
> >
> > Today i have found next SQL injection in facebook.com
> >
> > Details:
> >
> > http://blog.ariko-security.com/?p=82
> >
> > Full advisory will be released soon!
> >
> > Regards,
> >
> > Maciej Gojny
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/