Wednesday, September 2, 2009

SQL Injection on

Another Sql Injection flaw on and this time on
Last time bug exploited by Romanian group called HackersBlog.
See more details at: Facebook hacked – sql injection
I have tried to contact the Staff but since no one responds to my emails I decided to make public this issue.
So now let's see some screen shots:

This bug allows a potential attacker to execute SQL queries directly into the database easily by manipulating the URL.I hope that soon someone will take care.

See also Researcher Launches Facebook Bug Project For September


KT said...

and if it was an agreement with an intelligence agency that you found ?

Anonymous said...

"Posted on February 4th, 2009"

It helps to actually READ.

yas said...

It's seem to be on the apps, inother word on the apps server good luck next time :p