[Full-disclosure] taking their revenge @ cisco
Todd Towles
toddtowles at brookshires.com
Thu Aug 4 20:26:45 BST 2005
Well, I won't fight that one. But web-app holes are well understood and
are not related to problems found in the IOS. I really don't see how
people can confuse them.
> -----Original Message-----
> From: full-disclosure-bounces at lists.grok.org.uk
> [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf
> Of Michael Holstein
> Sent: Thursday, August 04, 2005 2:01 PM
> To: full-disclosure at lists.grok.org.uk
> Subject: Re: [Full-disclosure] taking their revenge @ cisco
>
> > It have nothing to do with a IOS at all. All the other SQL
> injection
> > that happen in the world have nothing to do with Cisco IOS
> flaws. This
> > is a pure case of the search function being open to SQL injection.
> > Therefore it is a design/code problem in one of the three web-app
> > tiers of the website.
>
> Yeah .. but I guess their "Self Defending Network" well, um ...
>
> DIDN'T.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Full-Disclosure is hosted and sponsored by Secunia.