More SQL Injection Vulnerabilities Plague BitDefender
The Romanian hacker going by the name of “Unu” (“One” roughly translated) has uncovered that the official web page of BitDefender, a company that specializes in providing security software solutions, is vulnerable to SQL injection. Do not confuse this with Unu’s previous discovery that BitDefender Portugal leaks sensitive and confidential data.
According to Unu, he attempted to contact BitDefender and inform them about the security holes affecting their official web page, but since no email address is provided, all he could do was send the webmaster a comment. He finds it very frustrating that a company as prestigious as BitDefender is not capable of securing its database, let alone providing adequate contact info.
“On their contact link, you can send a few words to the webmaster, which I did and to which I didn't get any reply. And the vulnerability persists. Therefore, knowing they read our articles, I will let them know here that they have a vulnerable parameter. And this time it's not on one of their partner websites but on their own website. This parameter gives access to the DB. I will not publish too much now as I am waiting for the problem to be solved,” says Unu.
This is not the first time that Unu has blown the whistle on some of the biggest names in the security industry and their SQL injection vulnerabilities. Before BitDefender Portugal, which we mentioned above, he exposed Kaspersky (the USA web page leaked confidential data by means of SQL injection) and F-Secure (vulnerable to SQL injection, did not leak sensitive data).
It must be noted that Unu uncovered the security issue this weekend, Sunday the 15th of January to be more precise; it has been well over a day and BitDefender has yet to provide any response. Details about the vulnerability are being held back by Unu until the problem is addressed. The only thing we know for sure is that the SQL injection vulnerability is to be found in the “News” section of BitDefender’s page.
Tags: BitDefender, SQL

