As you remember - a
Symantec-run website was vulnerable to
Blind SQL Injection problems that reportedly exposes a wealth of potentially
sensitive information. Now we have a full story...
A secured bad parameter allows full access to Symantec servers, allows access
to many sensitive data stored on this server. So, it seems quite strange how a
company like Symantec, which sells software and security solutions, the famous
Norton for example, wants to protect ourselves. Instead, it is not able to
protect its own database. Let’s see what actually is.
Blind SQL Injection is not as spectacular as a normal SQL injection, as the
error (the result of injection) does not appear on the website. It is based on
the concept of true and false. When “i put a question” real server (and 1 = 1 in
our case), we will answer truly, that page is loading properly.
