In association with heise online

09 February 2009, 14:15

BitDefender website also leaking [Update]


BitDefender's Portuguese website has been found to be vulnerable to SQL injection attacks. Kaspersky's website was hacked over the weekend using the technique, and now the same hacker has found that the Portuguese website of the maker of BitDefender AntiVirus is vulnerable to a similar attack. The hacker, who goes by the name of "unu", has published screenshots of the compromise as evidence of the vulnerability.

In both cases the SQL injection attack involved modifying a URL for pages on the site. The site takes parts of the URL and passes them, unfiltered, into the SQL queries it composes. By modifying the appropriate part of the URL, an attacker can interrupt the intended SQL query and have their own SQL run instead, which in turn can reveal information from within the database.
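
The flaw described above, as an added example that is not from the original article or from either website: a hypothetical page handler composes its query from an unfiltered URL value, shown next to a version that validates the value and binds it as a parameter. The in-memory SQLite database, table names, URLs and function names are all constructed assumptions.

```python
import re
import sqlite3
from urllib.parse import urlparse, parse_qs

# Constructed sample URLs for a hypothetical page handler (not from the article).
NORMAL_URL = "http://shop.example.test/page?id=1"
MODIFIED_URL = "http://shop.example.test/page?id=0+UNION+SELECT+email+FROM+customers"

def make_db():
    """Constructed in-memory database: one public table, one private table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT);
        INSERT INTO articles VALUES (1, 'Product news'), (2, 'Support FAQ');
        INSERT INTO customers VALUES (1, 'alice@example.test');
    """)
    return db

def url_param(url, name):
    """Return the first value of a query-string parameter, or ''."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]

def lookup_unfiltered(db, url):
    # Vulnerable pattern: text taken from the URL becomes part of the SQL
    # statement, so the URL can change what the query does.
    sql = "SELECT title FROM articles WHERE id = " + url_param(url, "id")
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, url):
    # Hardened pattern: accept only a short run of ASCII digits, then pass the
    # value as a bound parameter so it is treated as data, never as SQL.
    raw = url_param(url, "id")
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        return []
    rows = db.execute("SELECT title FROM articles WHERE id = ?", (int(raw),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    for url in (NORMAL_URL, MODIFIED_URL):
        print(url)
        print("  unfiltered:", lookup_unfiltered(db, url))
        print("  bound:     ", lookup_bound(db, url))
```

With the modified URL, the unfiltered handler returns a row from the private table, while the bound handler returns nothing.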

Update: The website in question is not run by BitDefender. Bitdefender.pt is managed by BitDefender's Portuguese resellers.


(djwm)

Permalink: http://h-online.com/-740029