Yup it's true (app) - so the title was NEXT... Wiadomość napisana przez Reed Loden w dniu 2010-12-01, o godz. 00:59:
> What I believe Benji is saying is that it looks (from the little > information you posted) like you just found a SQL injection in a > facebook app, which is not the same thing as finding a SQL injection in > facebook.com's actual code. Apps are not run by facebook, so it's > unsurprising that some random app would have a SQL injection > vulnerability. > > ~reed > > On Wed, 1 Dec 2010 00:51:35 +0100 > Maciej Gojny <[email protected]> wrote: > >> Benji@ >> >> I dont understand You, I have access to whole DB... so go to school.. bye >> >> regards, >> >> Maciej >> >> Wiadomość napisana przez Benji w dniu 2010-12-01, o godz. 00:47: >> >>> so if I upload a 'hacked by benji' html file to my google sites account, by >>> your logic this would count as hacking Google. >>> >>> Cant wait to see The Register report about this. >>> >>> 2010/11/30 Maciej Gojny <[email protected]> >>> Hello Full Disclosure ! >>> >>> Today i have found next SQL injection in facebook.com >>> >>> Details: >>> >>> http://blog.ariko-security.com/?p=82 >>> >>> Full advisory will be released soon! >>> >>> Regards, >>> >>> Maciej Gojny Ariko-Security Rynek Glowny 12 32-600 Oswiecim tel:. +48 33 4741511 mobile: +48 784086818 (Mo-Fr 10.00-20.00 CET) Ariko-Security Sp. z o.o. z siedzibą w Oświęcimiu , zarejestrowana przez Sąd Rejonowy dla m. Krakowa-Śródmieścia, XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS: 00000358273, NIP: 549-239-90-67, REGON 121262172
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
