Anyway, the main point that I was wondering about before is: what happens if the SQL inj bot was smarter? (For example: using an "obfuscation" technique)
Probably nothing because iTunes sanitized the input.

2011/4/1 Benji <[email protected]>

> Is that a yes or a no?
>
> On 4/1/11, matador matador <[email protected]> wrote:
> > I am 15 years old :)
> >
> > 2011/4/1 Benji <[email protected]>
> >
> >> No they don't. All your link implies is that either a) someone
> >> compromised the itunes account associated with that band and added the
> >> script, or b) it was injected into place.
> >>
> >> However at no point is the javascript executed.
> >>
> >> Sigh, do you have a CSSIP as well?
> >>
> >> On 4/1/11, matador matador <[email protected]> wrote:
> >> > Seems that Websense agree with me...
> >> >
> >> >
> >> > http://community.websense.com/blogs/securitylabs/archive/2011/03/29/lizamoon-mass-injection-28000-urls-including-itunes.aspx
> >> >
> >> > ... or better they copy and paste my trivial link ... LOL! :)))
> >> >
> >> > 2011/3/29 Cal Leeming <[email protected]>
> >> >
> >> >> Unconfirmed, seems to escape fine for me.
> >> >>
> >> >> On Tue, Mar 29, 2011 at 3:22 PM, matador matador
> >> >> <[email protected]> wrote:
> >> >>
> >> >>> Enjoy! :)
> >> >>>
> >> >>> http://www.google.com/search?q=lizamoon.com+site%3Aapple.com
> >> >>>
> >> >>> _______________________________________________
> >> >>> Full-Disclosure - We believe in it.
> >> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >> >>>
> >> >>
> >> >>
> >> >
> >> >
> >
