Magento Expert Forum - Improve your Magento experience
Reporting SQL Vulnerability
My first post here, so I'll hopefully keep it simple.
I have just finished building a CMS targeted at a certain industry and built a test site to see how everything works.
Anyway, I wrote a program to check for SQL injection vulnerabilities and the program followed a blog link to an external website.
The program discovered that the external site had a massive vulnerability that left it open to practically anyone, who could then access every bit of data on their MySQL server and run queries etc. The thing is, this external site is the brand leader in their industry and does millions upon millions of sales per annum. I have tried contacting them to let them know and even went as far as contacting the company that built their platform (Magento), but I was pretty much brushed off and haven't heard back from them. Their database would contain the details of hundreds of thousands of customers and all their data. I could easily make myself site admin etc. in a few seconds, but they won't listen to me even though I have offered to share the vulnerability with them and help in any way I can.
Is there anything else I can do, because it is one of the biggest security risks I have ever personally come across? Are there any other steps I should take to report this?
Thanks
APPLIES TO: SQL Server (yes), Azure SQL Database (yes), Azure SQL Data Warehouse (no), Parallel Data Warehouse (no)
SQL Vulnerability Assessment is an easy to use tool that can help you discover, track, and remediate potential database vulnerabilities. Use it to proactively improve your database security.
-
-
... vulnerabilities. This SQL Injection instrument identifies sites powerless against SQL Injection assaults. ... Test Report. Here is a SQL Injection Scanner test report:.
-
-
We value @spaceraccoon's reasonable and careful report, which helped ... @spaceraccoon found a SQL Injection powerlessness in a web