Security Vendor susceptible to SQL Injection

By N-Stalker Team on February 9, 2009

According to a Hacker’s Blog article dated 07-Feb-2009, the Russian desktop security vendor “Kaspersky” was the target of a successful SQL injection attack in which an individual was able to retrieve sensitive data such as the SQL user control table (apparently the well-known MySQL user table containing administrative passwords).

The Russian company denies that sensitive customer data was leaked, as you can see in their official statement. SQL injection is a well-known attack that aims to escape the application’s control and manipulate the SQL queries sent to the system’s database directly. Although this security flaw is sometimes difficult to spot manually, fixing it shouldn’t be a problem.
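The flaw and its fix, as an added example that is not from the original article or from the affected site: the same lookup written with string concatenation and with a bound parameter. The in-memory SQLite database (standing in for MySQL), the `products` table, the function names and the sample input are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, code TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO products (code, name) VALUES (?, ?)",
        [("AV-01", "Antivirus"), ("FW-02", "Firewall"), ("VPN-03", "VPN client")],
    )
    return db

def lookup_concatenated(db, code):
    """Flawed pattern: the request value is pasted into the SQL text,
    so quote characters inside it are parsed as SQL syntax."""
    sql = "SELECT name FROM products WHERE code = '" + code + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, code):
    """Fixed pattern: the SQL text is constant and the value is bound
    separately, so it is only ever compared as data."""
    sql = "SELECT name FROM products WHERE code = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (code,))]

def lookup_validated(db, code):
    """Defence in depth: reject values outside the expected format
    (a hypothetical product-code pattern), then still bind the parameter."""
    if not re.fullmatch(r"[A-Z]{2,3}-\d{2}", code):
        raise ValueError("unexpected product code format")
    return lookup_parameterized(db, code)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "->", fn(db, crafted))
    try:
        lookup_validated(db, crafted)
    except ValueError as exc:
        print("lookup_validated -> rejected:", exc)
```

With the concatenated query the crafted value changes the WHERE clause and every row comes back; with the bound parameter the same value matches nothing.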

Update: It seems that another security-related website has run into the very same problem: a BitDefender reseller (from Portugal) seems to be affected by a similar SQL injection problem, according to Hacker’s Blog.
