Managed to penetrate their internal Oracle DB, which stores all the confidential information, enough to prove to them how severe the exploit was. So I sent them a report with sample data gathered and all URLs/URIs/pages affected to their developers.
The action taken was to block/deny my VPS static IP address (from where I did the penetration test) instead of repairing their code, which only takes a few minutes to repair.
And tonight I can still penetrate through my DSL dynamic connection, and it is not just about me, the whole world too...
This is lame guys... please sanitize your code...
07th April 2010:
-------------------
Latest updates... they actually blocked my IP for only one reason: my IP was making lots of connections and consuming/slowing down their bandwidth/server... now the ban has been removed because of a "misunderstanding", but it is still exploitable...
OK, enough of this crap, I'm not a security dude by profession; better to concentrate on my own projects from now on...