To be honest...

[Replies] [Reply] [View by Thread] [Help]
[Back To Security]

Lt Obscurity

You're logic is FAR from flawed, and it's completely viable. I've seen Security Patches punched out for far less then that. And again, to be honest, I think of it as a rather 'script-kiddie' exploit (no offense, see my explenation after this).

I see it as this:

A script kiddie can go to Security Focus, read one of their SQL Injection articles on Blind-Side Injection, read Sam's SQL in 10 minutes guide, figure out what the table names are. Then bam, he posts his specially crafted query, and you have a huge mess of a compromise.

So essentially you have a rather heavy vulnerability, and possible compromise of the entire database.

Damn... You should E-Picket their PHPbb's E-Front Doors :)

But seriously, how hard is it going to be to convince them?

Catch me on CAIRC

#FirewallProject
#CA-UUG
#BSD
#Metal

Replies:

phpBB 2.0.7a And Earlier Security Issues - Ker JeiAr 2004-03-22 04:23:47
- Some Fixes For These Issues - Ret. Ker JeiAr 2004-03-25 12:11:30
  - sweet man :) - LtKer Semper 2004-03-25 16:48:09
    - RE: sweet man :) - Ret. Ker JeiAr 2004-03-25 19:01:33
- Hmmmm ... - Ker JeiAr 2004-03-23 20:40:47
  - Hah. - Lt Obscurity 2004-03-24 03:17:41
- Want Some Opinions - Ker JeiAr 2004-03-23 05:18:00
  - RE: Want Some Opinions - Lt Obscurity 2004-03-23 07:46:48
    - I'm with you, they are on crack with this one... - Ret. Mar Ikioi 2004-03-23 11:00:34
      - RE: I'm with you, they are on crack with this one... - Ker JeiAr 2004-03-23 17:14:55
      - Development Teams Reply - Lt Obscurity 2004-03-23 14:19:18
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:17:53
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:31:30
        RE: Development Teams Reply - Lt Obscurity 2004-03-23 17:25:16
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:33:40
        RE: Development Teams Reply - Lt Obscurity 2004-03-23 18:15:38
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 19:39:35
        RE: Development Teams Reply - Lt Obscurity 2004-03-24 03:14:15
      - Posted to their forum... - Ret. Mar Ikioi 2004-03-23 11:37:22
        RE: Posted to their forum... - Ker JeiAr 2004-03-23 17:49:48
        Argh if someone could delete the post previous - Lt Obscurity 2004-03-23 11:50:55
        Done :) - Ret. Ker JeiAr 2004-03-24 05:31:16
        Hah thanks... - Lt Obscurity 2004-03-24 06:04:35
    - RE: Want Some Opinions - Ker JeiAr 2004-03-23 08:05:01
      - >To be honest... - Lt Obscurity 2004-03-23 08:21:38 <
        RE: To be honest... - Ker JeiAr 2004-03-23 08:32:53
        RE: To be honest... - Lt Obscurity 2004-03-23 08:40:09
        RE: To be honest... - Ker JeiAr 2004-03-23 08:54:05
        RE: To be honest... - Lt Obscurity 2004-03-23 09:07:57
        'respond' :D -nt- - LtKer Bastian 2004-03-23 11:16:40
        RE: To be honest... - Maj zaydana 2004-03-23 09:25:26
        GPL... just fork it. ;) -nt- - Ret. Mar Ikioi 2004-03-23 11:39:41
        Ikioi [more] - Lt Obscurity 2004-03-24 10:21:14

Guest:
Subject:
Message:	On 2004-03-23 08:21:38, Obscurity wrote >You're logic is FAR from flawed, and it's completely viable. I've seen Security Patches punched out for far less then that. And again, to be honest, I think of it as a rather 'script-kiddie' exploit (no offense, see my explenation after this). > >I see it as this: > >A script kiddie can go to Security Focus, read one of their SQL Injection articles on Blind-Side Injection, read Sam's SQL in 10 minutes guide, figure out what the table names are. Then bam, he posts his specially crafted query, and you have a huge mess of a compromise. > >So essentially you have a rather heavy vulnerability, and possible compromise of the entire database. > >Damn... You should E-Picket their PHPbb's E-Front Doors :) > >But seriously, how hard is it going to be to convince them?
Signature:
Optional Image Link:
http://

CyberArmy::Forum v0.6
Generated In 0.01064 seconds