Julien Ahrens

Vulnerability Intel | ROP Gadget Hunter | Privacy Enthusiast | Full-time BugBounty hunter | @Hacker0x01 MVH | @SynackRedTeam member | on a world-trip

Critical vulnerability on Kiel.de fixed

08 Jun 2012 » Coordinations

www.kiel.de is the website of the state capital of “Schleswig-Holstein” in northern Germany, which is very famous for the “Kieler Woche”. Some weeks ago I stumbled over a critical SQL injection vulnerability on their website and immediately notified the webmaster about the flaw and its importance. Using this vulnerability, an attacker could inject and execute arbitrary SQL commands on the affected application database, which could result in a complete database and application compromise, which is… well… do you remember the Sony breach?!

It took some time (around 3 weeks) until I received a response to my notifications from the webmaster, but the vulnerability was fixed pretty fast after that :-). Great news! Thanks for the very professional and friendly contact.