Fox Pt.II


After this 'breaking news' of file disclosure last day, I went on and had a look at their whole site from a distance. A few non-malicious vectors taught me that they have cross-site scripting holes, but more importantly SQL injection points and ColdFusion HTML and SQL injection. I will not disclose them here nor to Fox. No free lunch this time; I hope they will take this very seriously and hire a proper security auditor to pentest their whole system. Let this be a wake-up call. If anyone wants to learn more about web application security and is in need of security, I would suggest contacting one of the two companies below, because they are simply the best in protecting/auditing your web applications:

http://www.sectheory.com
http://www.whitehatsec.com

'nuff said.

