Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Knorr.de SQL Injection and XSS Vulnerabilities
From: Sebastian Bauer <sbauer () gjl-network net>
Date: Fri, 02 Mar 2007 15:46:22 +0100
The point why I rated those problems as high risk was that due to this  
problems free access to all user data was possible.

And problems that will offer any kind of user data (including  
unencrypted passwords) is a significant security risk from my point of  
view (see the latest problems regarding StudiVZ).

A lot of people are using the same password for websites, email and so  
on. And getting a password using this security hole makes it also  
possible to log in to a lot of email accounts that don't belong to you.

-- 

==============================
Sebastian Bauer
http://blog.gjl-network.net


Zitat von Knud Erik Højgaard <kokanin () gmail com>:


On 3/2/07, sbauer () gjl-network net <sbauer () gjl-network net> wrote:


Significance: Very Critical


For who, the sauce-people? Not for me.


All problems found have been discussed with Unilever, the mother
company of Knorr and
have been fixed before the release of this document.


Sooo, why should anyone besides you and the sauce-people care?

--
kokanin






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]