[OpenIndiana-discuss] mySQL

[Sorin Stoiana]

This is an application problem (i.e. the website written in PHP), not a
security issue in the software packages.

Bad programming practices are to blame here. No need to flame.

$0.02

On Tue, Mar 29, 2011 at 11:33 AM, Gabriel de la Cruz <
gabriel.delacruz at gmail.com> wrote:

> Web Server           :   Apache/2.2.15 (Fedora)  <------Wow!
> Powered-by           :   PHP/5.2.13
> Injection Type        :   MySQL Blind
>
> Here is how to patch your system:
>
> Glassfish
> Java
> PostgreSQL
>
>
> ;-P
>
> And problem solved...
>
>
> On Tue, Mar 29, 2011 at 11:14 AM,  <openindiana at out-side.nl> wrote:
> > Well, it would be extra painful if they were running on an Oracle
> database
> > ;-)
> >
> > -----Oorspronkelijk bericht-----
> > Van: Apostolos Syropoulos [mailto:asyropoulos at yahoo.com]
> > Verzonden: maandag 28 maart 2011 21:18
> > Aan: lista solaris; openindiana
> > Onderwerp: [OpenIndiana-discuss] mySQL
> >
> > Vulnerable Target  : http://mysql.com/customers/view/index.html?id=1170Host
> > IP                  :   213.136.52.29
> > Web Server           :   Apache/2.2.15 (Fedora)  <------Wow!
> > Powered-by           :   PHP/5.2.13
> > Injection Type        :   MySQL Blind
> > Current DB             :   web
> >
> >
> > from
> >
> >
> > http://seclists.org/fulldisclosure/2011/Mar/309
> >
> > ----------------------
> > Apostolos Syropoulos
> > Xanthi, Greece
> >
> >
> >
> >
> > _______________________________________________
> > OpenIndiana-discuss mailing list
> > OpenIndiana-discuss at openindiana.org
> > http://openindiana.org/mailman/listinfo/openindiana-discuss
> >
> >
> >
> >
> > _______________________________________________
> > OpenIndiana-discuss mailing list
> > OpenIndiana-discuss at openindiana.org
> > http://openindiana.org/mailman/listinfo/openindiana-discuss
> >
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>