DIVD-2021-00033 - Sites with Potential SQL-Injection
| Our reference | DIVD-2021-00033 |
| Case lead | Victor Pasman |
| Author | Célistine Oosting |
| Researcher(s) | |
| CVE(s) |
|
| Product | n/a |
| Patch status | n/a |
| Status | Closed |
| Last modified | 12 Aug 2022 11:21 |
Summary
We obtained a list of sites potentially vulnerable to SQL-Injection attacks in November of 2021. We started scanning the domains in the list we obtained for SQL-Injection vulnerabilities. The owners of the confirmed vulnerable sites will be notified by us via email.
What we are doing
We started scanning the potentially vulnerable sites to see if they really were vulnerable to SQL-Injection attacks and will notify the owners of the sites confirmed vulnerable to this type of attacks.
Timeline
| Date | Description |
|---|---|
| 16 Nov 2021 | We obtained a list with domains potentially vulnerable to SQL-Injection |
| 17 Nov 2021 | We scanned the potentially vulnerable sites for the first time |
| 18 Nov 2021 | The results of the first scan were shared with the case researchers |
| 12 Jan 2022 | We obtained new results and shared them with the case researchers |
| 27 Jan 2022 | First version of the casefile published |
|
27 Jan 2022- 30 Jan 2022 |
We started mailing the owners of the vulnerable sites |
| 30 Jan 2022 | All notifications have been sent to affected parties |
| 09 Feb 2022 | With all vulnerable parties notified, this case is closed for DIVD. |
gantt
title DIVD-2021-00033 - Sites with Potential SQL-Injection
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2021-00033 - Sites with Potential SQL-Injection (85 days) :2021-11-16, 2022-02-09
section Events
We obtained a list with domains potentially vulnerable to SQL-Injection : milestone, 2021-11-16, 0d
We scanned the potentially vulnerable sites for the first time : milestone, 2021-11-17, 0d
The results of the first scan were shared with the case researchers : milestone, 2021-11-18, 0d
We obtained new results and shared them with the case researchers : milestone, 2022-01-12, 0d
First version of the casefile published : milestone, 2022-01-27, 0d
We started mailing the owners of the vulnerable sites (3 days) : 2022-01-27, 2022-01-30
All notifications have been sent to affected parties : milestone, 2022-01-30, 0d
With all vulnerable parties notified, this case is closed for DIVD. : milestone, 2022-02-09, 0d