DIVD-2021-00033 - Sites with Potential SQL-Injection
|Case lead||Victor Pasman|
|Last modified||12 Aug 2022 11:21|
We obtained a list of sites potentially vulnerable to SQL-Injection attacks in November of 2021. We started scanning the domains in the list we obtained for SQL-Injection vulnerabilities. The owners of the confirmed vulnerable sites will be notified by us via email.
What we are doing
We started scanning the potentially vulnerable sites to see if they really were vulnerable to SQL-Injection attacks and will notify the owners of the sites confirmed vulnerable to this type of attacks.
|16 Nov 2021||We obtained a list with domains potentially vulnerable to SQL-Injection|
|17 Nov 2021||We scanned the potentially vulnerable sites for the first time|
|18 Nov 2021||The results of the first scan were shared with the case researchers|
|12 Jan 2022||We obtained new results and shared them with the case researchers|
|27 Jan 2022||First version of the casefile published|
27 Jan 2022-
30 Jan 2022
|We started mailing the owners of the vulnerable sites|
|30 Jan 2022||All notifications have been sent to affected parties|
|09 Feb 2022||With all vulnerable parties notified, this case is closed for DIVD.|