Magento Expert Forum - Improve your Magento experience

Reporting SQL Vulnerability

  1. #1
    New member
    Join Date
    Aug 2014
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Reporting SQL Vulnerability

    My first post here, so I'll hopefully keep it simple.

    I have just finished building a CMS targeted at a certain industry and built a test site to see how everything works.

    Anyway, I wrote a program to check for SQL injection vulnerabilities, and the program followed a blog link to an external website.

    The program discovered that the external site had a massive vulnerability that left it open to practically anyone, who could then access every bit of data on their MySQL server and run queries, etc. The thing is, this external site is the brand leader in their industry and does millions upon millions of sales per annum. I have tried contacting them to let them know and even went as far as contacting the company that built their platform (Magento), but I was pretty much brushed off and haven't heard back from them. Their database would contain the details of hundreds of thousands of customers and all their data. I could easily make myself site admin, etc. in a few seconds, but they won't listen to me even though I have offered to share the vulnerability with them and help in any way I can.

    Is there anything else I can do? It is one of the biggest security risks I have ever personally come across. Are there any other steps I should take to report this?

    Thanks

  2. #2
    Contributor
    Join Date
    Feb 2019
    Posts
    265
    Thanks
    0
    Thanked 0 Times in 0 Posts

    APPLIES TO: SQL Server (yes), Azure SQL Database (yes), Azure SQL Data Warehouse (no), Parallel Data Warehouse (no)

    SQL Vulnerability Assessment is an easy-to-use tool that can help you discover, track, and remediate potential database vulnerabilities. Use it to proactively improve your database security.

  3. #3
    Junior Member
    Join Date
    Sep 2018
    Location
    United Kingdom
    Posts
    635
    Thanks
    0
    Thanked 4 Times in 4 Posts

    ... vulnerabilities. This SQL Injection instrument identifies sites powerless against SQL Injection assaults. ... Test Report. Here is a SQL Injection Scanner test report:.

  4. #4
    Junior Member
    Join Date
    Sep 2018
    Posts
    775
    Thanks
    0
    Thanked 1 Time in 1 Post

    We value @spaceraccoon's reasonable and careful report, which helped ... @spaceraccoon found a SQL Injection powerlessness in a web
