Full Disclosure: Re: new facebook SQL injection vulnerability

Re: new facebook SQL injection vulnerability

From: Reed Loden <reed () reedloden com>
Date: Tue, 30 Nov 2010 15:59:28 -0800

What I believe Benji is saying is that it looks (from the little
information you posted) like you just found a SQL injection in a
facebook app, which is not the same thing as finding a SQL injection in
facebook.com's actual code. Apps are not run by facebook, so it's
unsurprising that some random app would have a SQL injection
vulnerability.

~reed

On Wed, 1 Dec 2010 00:51:35 +0100
Maciej Gojny <vuln () ariko-security com> wrote:

Benji@

I dont understand You, I have access to whole DB... so go to school.. bye

regards,

Maciej

Wiadomość napisana przez Benji w dniu 2010-12-01, o godz. 00:47:

so if I upload a 'hacked by benji' html file to my google sites account, by your logic this would count as hacking 
Google.

Cant wait to see The Register report about this.

2010/11/30 Maciej Gojny <vuln () ariko-security com>
Hello Full Disclosure !

Today i have found next SQL injection in facebook.com

Details:

http://blog.ariko-security.com/?p=82

Full advisory will be released soon!

Regards,

Maciej Gojny


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
- Re: new facebook SQL injection vulnerability Benji (Nov 30)
  - Re: new facebook SQL injection vulnerability Maciej Gojny (Nov 30)
    - Re: new facebook SQL injection vulnerability Benji (Dec 01)
    - Re: new facebook SQL injection vulnerability Reed Loden (Dec 01)
    - Re: new facebook apps SQL injection vulnerability Maciej Gojny (Dec 01)
    - Re: new facebook SQL injection vulnerability Benji (Dec 01)