Hi all.

The Microsoft site Developerstore.com is a source for ordering free developer product betas, evaluation kits, and other development resources from Microsoft. For students and faculty, the Academic Developer Store is the source for all Microsoft developer products at discounted Academic prices.

This site allows anybody to view critical customer information. This happens because it doesn't check user input, allowing SQL injection like:

http://developerstore.com/devstore/productSearch.asp?searchText=|')%20union%20all%20select%201,name%20from%20sysobjects%20where%20type='U'--

This is one of many huge holes. I'm not going to enumerate every one, I don't work for Microsoft :). I just want to tell everyone about this very strange situation :). I don't know when they're gonna fix it, so don't put your personal info there until they fix it, and if you already did, hmm... it's your problem :).

Hey, Microsoft people, why don't you test your webapps? You can use WebSleuth http://www.owasp.org/resources/tools/websleuth/index.shtml it's free, you only have to spend time!!!

Microsoft was contacted.

Cesar Cerrudo.
Parana, Entre Rios. Argentina.
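The URL in the post works because the search text ends up inside the SQL string itself. As an added example (not part of the original post and not the site's code), this Python/sqlite3 script runs the post's searchText against an assumed concatenated query and against a parameterized one. The products table, the query text, and the ordinary table named sysobjects standing in for the SQL Server catalog are all constructed for illustration.

```python
import sqlite3

# searchText value from the URL in the post, with %20 decoded to spaces.
POSTED_SEARCH_TEXT = "|') union all select 1,name from sysobjects where type='U'--"


def make_db():
    # Constructed sample data. "sysobjects" is a plain table here, standing in
    # for the SQL Server catalog table that the posted URL reads from.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, title TEXT);
        INSERT INTO products VALUES (1, 'Visual Studio beta'),
                                    (2, 'SDK evaluation kit');
        CREATE TABLE sysobjects (name TEXT, type TEXT);
        INSERT INTO sysobjects VALUES ('customers', 'U'), ('orders', 'U'),
                                      ('sp_search', 'P');
    """)
    return db


def search_concatenated(db, search_text):
    # Vulnerable form (assumed shape of the page's query): the input is pasted
    # into the SQL text, so a quote in it closes the literal and the rest of
    # the input is parsed as SQL.
    sql = ("SELECT id, title FROM products WHERE (title LIKE '%"
           + search_text + "%')")
    return db.execute(sql).fetchall()


def search_parameterized(db, search_text):
    # Hardened form: the SQL text is fixed and the input is bound as a value.
    # LIKE wildcards in the input are escaped so they only match literally.
    escaped = (search_text.replace("\\", "\\\\")
                          .replace("%", "\\%")
                          .replace("_", "\\_"))
    sql = "SELECT id, title FROM products WHERE (title LIKE ? ESCAPE '\\')"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_concatenated(db, POSTED_SEARCH_TEXT))
    print("parameterized:", search_parameterized(db, POSTED_SEARCH_TEXT))
    print("normal search:", search_parameterized(db, "beta"))
```

With the concatenated query the posted value returns table names instead of products; with the bound parameter it is just a search string that matches nothing.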
This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 11:54:52 PST