Hello,

I have exposed SQL Injection points to several national companies. Each of the 4 was done with nothing more than a WAITFOR DELAY statement to prove a valid point. Each of the 4 companies requested the info. I provided complete cooperation and documentation as the problem was resolved. Each of the 4 companies has subsequently avoided any response to my inquiry regarding their actions with regard to possible exploitation of their database that may have resulted in theft, alteration or database replication.

http://securityfocus.com/news/5968

http://www.securityfocus.com/news/1984

I did not steal anything or access any information via the injection point, though it was/is totally possible. I contacted the California State Attorney General with no success. Does anyone know a lawyer that can handle data theft with regard to SB 1386?

Thanks,

.Net³

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6888/22072#22072