http://apps.facebook.com/buysalepals/viewuser.php?u=100000423643201'
2010/11/30 Reed Loden <[email protected]>

> What I believe Benji is saying is that it looks (from the little
> information you posted) like you just found a SQL injection in a
> facebook app, which is not the same thing as finding a SQL injection in
> facebook.com's actual code. Apps are not run by facebook, so it's
> unsurprising that some random app would have a SQL injection
> vulnerability.
>
> ~reed
>
> On Wed, 1 Dec 2010 00:51:35 +0100
> Maciej Gojny <[email protected]> wrote:
>
> > Benji@
> >
> > I don't understand you, I have access to whole DB... so go to school.. bye
> >
> > regards,
> >
> > Maciej
> >
> > Message written by Benji on 2010-12-01, at 00:47:
> >
> > > so if I upload a 'hacked by benji' html file to my google sites
> > > account, by your logic this would count as hacking Google.
> > >
> > > Can't wait to see The Register report about this.
> > >
> > > 2010/11/30 Maciej Gojny <[email protected]>
> > > Hello Full Disclosure!
> > >
> > > Today I have found next SQL injection in facebook.com
> > >
> > > Details:
> > >
> > > http://blog.ariko-security.com/?p=82
> > >
> > > Full advisory will be released soon!
> > >
> > > Regards,
> > >
> > > Maciej Gojny
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
