Hi!
I'm new to this board and even newer to this topic, so please bare with me.
Lets say that you were running a forum with n-amount of members. The forum software had a security flaw that someone exploited by injecting SQL-queries into a badly designed form, thus getting over some sensitive data. And lets say that you had caught this someone's IP-address while he was doing so - how would/should you proceed from there on?
Most likely, he was behind some sort of proxy. Would that make any work to trace him pointless?
SQL-injection
Started by
TT1TTONE
, Mar 02 2012 08:32 PM
3 replies to this topic
#2
serrath
-
- Members
-
- 181 posts
SUP3R 31337
-
Country:
- Gender:Male
Posted 04 March 2012 - 03:49 PM
You could try for a warrant to get the records of the proxy and try to follow the breadcrumbs home.
#3
Seal
-
- Agents of the Revolution
-
- 2,440 posts
Not a fan of clubs.
-
Country:
- Gender:Male
- Location:Canada
Posted 06 March 2012 - 02:05 PM
I would patch the hole, inform the parties affected by the breach, and enact preventative measures to mitigate further exploitation.
#4
serrath
-
- Members
-
- 181 posts
SUP3R 31337
-
Country:
- Gender:Male
Posted 06 March 2012 - 02:19 PM
I would patch the hole, inform the parties affected by the breach, and enact preventative measures to mitigate further exploitation.
This. Most definitely this.
BinRev is hosted by the great people at Lunarpages!
