Author Topic: Black Day to Kaspersky  (Read 828 times)

Offline stealthzone

Black Day to Kaspersky
« on: December 15, 2009, 08:41:05 PM »
Hi :)

FYI:
Quote
It is known by many that on February 7, 2009 I found a SQL Injection vulnerability in Kaspersky USA. When security sites and databases Kaspersky has been audited by an uber specialist, David Litchfield. But it seems that the story of vulnerabilities continues … This time a parameter is vulnerable on a page in Malaysia and in Singapore. The vulnerability affects all databases in Southeast Asia.
The vulnerable parameter gives us full access to databases on the server. Databases that contain personal data and logging of user, administrator, activation codes for various licenses, order and shop details, etc. Compared to Symantec, even here the passwords are stored in encrypted form .. added to Kaspersky. Gloves, however, a HUGE mistake, is that the number of hits in the results page is not restricted, as up to 10,000 results appear in the page for a single SQL query. This makes it easy for a hacker who wants to steal to save the data.

http://praetorianprefect.com/archives/2009/12/unu-gets-kaspersky-again/
Avast! Antivirus 6.0.1000 Home Version
Comodo Firewall
SuperAntiSpyware Pro  
Malwarebytes' Anti-malware Pro
Home Forum: http://www.spywarefri.dk/forum