More SQL Injection Vulnerabilities Plague BitDefender
Article by George Norman
On 16 Feb 2009
The Romanian hacker going by the name of “Unu” (“One”, roughly translated) has found that the official web page of BitDefender, a company that specializes in providing security software solutions, is vulnerable to SQL injection. This is not to be confused with Unu’s previous discovery that BitDefender Portugal leaks sensitive and confidential data.

According to Unu, he attempted to contact BitDefender and inform them about the security holes affecting their official web page, but since no email address is provided, all he could do was send the webmaster a comment. He finds it very frustrating that a company as prestigious as BitDefender is not capable of securing its database, let alone providing adequate contact info.

“On their contact link, you can send a few words to the webmaster, which I did and to which I didn't get any reply. And the vulnerability persists. Therefore, knowing they read our articles, I will let them know here that they have a vulnerable parameter. And this time it's not on one of their partner websites but on their own website. This parameter gives access to the DB. I will not publish too much now as I am waiting for the problem to be solved,” says Unu.

This is not the first time Unu has blown the whistle on SQL injection vulnerabilities affecting some of the biggest names in the security industry. Before BitDefender Portugal, which we mentioned above, he exposed Kaspersky (the USA web page leaked confidential data by means of SQL injection) and F-Secure (vulnerable to SQL injection, did not leak sensitive data).

It must be noted that Unu uncovered the security issue this weekend, Sunday the 15th of January to be more precise; it has been well over a day and BitDefender has yet to provide any response. Details about the vulnerability are being held back by Unu until the problem is addressed. The only thing we know for sure is that the SQL injection vulnerability is to be found in the “News” section of BitDefender’s page.


