From: c c (cesarc56 yahoo.com)
Date: Thu Jan 10 2002 - 09:30:57 CST
Hi all.
The Microsoft site: Developerstore.com, a source for
ordering free developer product betas, evaluation
kits, and other development resources from Microsoft.
For students and faculty, the Academic Developer Store
is the source for all Microsoft developer products at
discounted Academic prices.
This site allows anybody to view critical customer
information. This happens because it doesn't check
user inputs, allowing SQL injection like:
http://developerstore.com/devstore/productSearch.asp?searchText=|')%20union%20all%20select%201,name%20from%20sysobjects%20where%20type='U'--
This is one of many huge holes. I'm not going to
enumerate every one, I don't work for Microsoft :). I
just want to tell everyone about this very strange situation
:).
I don't know when they're gonna fix it, so don't put your
personal info there until they fix it, and if you already
did it, humm... it's your problem :).
Hey, Microsoft people, why don't you test your
webapps? You can use WebSleuth
http://www.owasp.org/resources/tools/websleuth/index.shtml
it's free, you only have to spend time!!!
Microsoft was contacted.
Cesar Cerrudo.
Parana, Entre Rios.
Argentina.
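
The flaw the post describes (a search parameter concatenated into the SQL text) next to the parameterized form that prevents it, as an added example that is not part of the original post or the site's code. The table layout, query text and function names are assumptions, and SQLite's sqlite_master stands in for SQL Server's sysobjects.

```python
import sqlite3

def make_db():
    """Constructed sample data: a product catalogue next to a customer table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE customers (id INTEGER, email TEXT);
        INSERT INTO products VALUES (1, 'Compiler beta'), (2, 'SDK evaluation kit');
        INSERT INTO customers VALUES (1, 'alice@example.test');
    """)
    return db

def search_concatenated(db, search_text):
    # Vulnerable pattern: the parameter becomes part of the SQL text itself,
    # so a quote in the input can close the string and append a second SELECT.
    sql = "SELECT id, name FROM products WHERE (name LIKE '%" + search_text + "%')"
    return db.execute(sql).fetchall()

def search_parameterized(db, search_text):
    # Hardened: the value is bound as data, never parsed as SQL.
    # LIKE wildcards in the input are escaped so they match literally.
    escaped = (search_text.replace("\\", "\\\\")
                          .replace("%", "\\%").replace("_", "\\_"))
    sql = "SELECT id, name FROM products WHERE (name LIKE ? ESCAPE '\\')"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()

# Constructed input with the same shape as the searchText value in the post,
# adapted to SQLite's catalogue table (assumption: hypothetical schema above).
PROBE = "zzz') UNION ALL SELECT 1, name FROM sqlite_master WHERE type='table'--"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_concatenated(db, PROBE))
    print("parameterized:", search_parameterized(db, PROBE))
    print("normal search:", search_parameterized(db, "SDK"))
```

With the concatenated query the search returns the database's table names instead of products; with the bound parameter the same input is an ordinary search string that matches nothing.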