[Full-disclosure] Knorr.de SQL Injection and XSS Vulnerabilities
Sebastian Bauer
sbauer at gjl-network.net
Fri Mar 2 14:46:22 GMT 2007
The point why I rated those problems as high risk was that due to this
problems free access to all user data was possible.
And problems that will offer any kind of user data (including
unencrypted passwords) is a significant security risk from my point of
view (see the latest problems regarding StudiVZ).
A lot of people are using the same password for websites, email and so
on. And getting a password using this security hole makes it also
possible to log in to a lot of email accounts that don't belong to you.
--
==============================
Sebastian Bauer
http://blog.gjl-network.net
Zitat von Knud Erik Højgaard <kokanin at gmail.com>:
> On 3/2/07, sbauer at gjl-network.net <sbauer at gjl-network.net> wrote:
>
>> Significance: Very Critical
>
> For who, the sauce-people? Not for me.
>
>> All problems found have been discussed with Unilever, the mother
>> company of Knorr and
>> have been fixed before the release of this document.
>
> Sooo, why should anyone besides you and the sauce-people care?
>
> --
> kokanin
Full-Disclosure is hosted and sponsored by Secunia.