From: Jeff Robertson (Jeff.RobertsonDigitalInsight.com)
Date: Tue Feb 22 2005 - 06:47:51 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is this the same ChoicePoint mentioned in this newspaper article?

http://www.11alive.com/news/news_article.aspx?storyid=59302

Jeff Robertson
Manager of Web Application Security
Digital Insight

> -----Original Message-----
> From: Daniel [mailto:deepergmail.com]
> Sent: Monday, February 21, 2005 07:26
> To: Richard M. Smith
> Cc: webappsecsecurityfocus.com
> Subject: Re: Odd things going on at the ChoicePoint Web site
>
>
> Whilst the site should be inspecting all input being passed back for
> execution (i mean we are 2005 now and OWASP has been around for long
> enough now), it does seem that your quotes are causing issues.
>
> On a legal note, if you were based in the UK now, you would have
> Scotland yards Computer Crime Unit arresting you under section 1 of
> the computer misuse act :(
>
> Have you contacted Checkpoint?
>
>
>
>
> On Sun, 20 Feb 2005 20:33:50 -0500, Richard M. Smith
> <rmscomputerbytesman.com> wrote:
> > Hi,
> >
> > I just noticed something odd at the ChoicePoint Web site
> > (http://www.choicepoint.com). If I try to search for a double quote
> > character using the little search box at the top of the
> home page, I don't
> > get a search results page and instead the ChoicePoint
> search engine returns
> > a HTTP 500 error code (Internal server error). Is this
> behavior a sign of
> > bigger problems with the ChoicePoint search engine?
> >
> > Also is there any method of determining who's Web site search engine
> > ChoicePoint is using? The base URL for a search results page is:
> >
> > http://www.choicepoint.com/catalog.nsf/cpsearchresults
> >
> > Thanks,
> > Richard M. Smith
> > http://www.ComputerBytesMan.com
> >
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]