www.kiel.de – the website of the state capital of “Schleswig-Holstein” in northern Germany, which is very famous for the “Kieler Woche”. Some weeks ago I stumbled over a critical SQL injection vulnerability on their website and immediately notified the webmaster about the flaw and its importance. Using this vulnerability, an attacker could inject and execute arbitrary SQL commands on the affected application database, which could result in a complete database and application compromise, which is…well…do you remember the Sony breach?!
It took some time (around 3 weeks) until I received a response to my notifications from the webmaster, but the vulnerability was fixed pretty fast after that :-). Great news! Thanks for the very professional and friendly contact.