Security Research

In security research, vulnerabilities are actively sought out and reported to those responsible for the affected software or service. The goal is for vulnerabilities to be discovered and fixed before they are actively exploited for malicious purposes.

Unfortunately, most vendors and operators do not react very cooperatively here. Reported vulnerabilities are usually either downplayed (it is "only test data"), flatly denied (they were "already found by internal audits"), or there is no response at all.

I reserve the right to publish reported but not yet fixed vulnerabilities after a reasonable period (currently I consider 90 days "reasonable", but I am happy to extend this period for really severe vulnerabilities or on a comprehensible request).

Vulnerabilities found and reported by me:

Software | Version | Vulnerability type
---------|---------|-------------------
Board 51 | 1.0 | Leak of Sensitive Data
BRILLANT & CO Website | | SQL Injection
egavilanmedia Login System | 1.0 | SQL Injection
felixsaid Car Rental Management System | 1.0 | Multiple SQL Injections
janobe Baby Care System | 1.0 | Multiple SQL Injections
janobe Cemetery Mapping System | 1.0 | Multiple SQL Injections
janobe Class Record System | 1.0 | Multiple SQL Injections
janobe Grading System | 1.0 | Multiple SQL Injections
janobe Hotel Reservation System | 1.0 | Multiple SQL Injections
janobe Job Search System | 1.0 | Multiple SQL Injections
janobe Library System | 1.0 | Multiple SQL Injections
janobe Pharmacy Management System | 1.0 | Multiple SQL Injections
janobe Vehicle Management System | 1.0 | SQL Injection
jkev Learning Management System | 1.0 | SQL Injection
mayuri_k Advocate Office Management System | 1.0 | Multiple SQL Injections
mayuri_k Billing System | 1.0 | Multiple SQL Injections
mayuri_k Canteen Management System | 1.0 | Multiple SQL Injections
mayuri_k Church Management System | 1.1 | SQL Injection
mayuri_k Courier Management System | 1.0 | Multiple SQL Injections
mayuri_k Diagnostic Lab Management System | 1.0 | Multiple SQL Injections
mayuri_k Employee Management System | 1.0 | Multiple SQL Injections
mayuri_k E-Pass Management System | 1.0 | Multiple SQL Injections
mayuri_k Fee Management System | 1.0 | Multiple SQL Injections
mayuri_k Garage Management System | 1.0 | Multiple SQL Injections
mayuri_k Gas Agency Management System | 1.0 | Multiple SQL Injections
mayuri_k Gym Management System | 1.0 | Multiple SQL Injections
mayuri_k Hospital Management System | 1.0 | Multiple SQL Injections
mayuri_k Inventory Management System | 1.0 | Multiple SQL Injections
mayuri_k Lead Management System | 1.0 | Multiple SQL Injections
mayuri_k Loan Management System | 1.0 | Multiple SQL Injections
mayuri_k Parking Management System | 1.0 | Multiple SQL Injections
mayuri_k Pet Grooming Management System | 1.0 | Multiple SQL Injections
mayuri_k Petrol Pump Management System | 1.0 | Multiple SQL Injections
mayuri_k Pharmacy Management System | 1.0 | Multiple SQL Injections
mayuri_k Practice Management System | 1.0 | Multiple SQL Injections
mayuri_k SACCO Management System | 1.0 | Multiple SQL Injections
mayuri_k Salon Management System | 1.0 | Multiple SQL Injections
mayuri_k Task Management System | 1.0 | Multiple SQL Injections
mayuri_k Tours & Travel Management System | 1.0 | Multiple SQL Injections
Nabopoll | 1.1.2 | Multiple SQL Injections
OpenDCIM | 23.04 | Cross Site Scripting
oretnom23 AC Repair and Services Management System | 1.0 | Multiple SQL Injections
oretnom23 Ahira | 1.0 | Multiple SQL Injections
oretnom23 Air Cargo Management System | 1.0 | Multiple SQL Injections
oretnom23 Art Gallery Management System | 1.0 | Multiple SQL Injections
oretnom23 Badminton Court Management System | 1.0 | Multiple SQL Injections
oretnom23 Bank Management System | 1.0 | Multiple SQL Injections
oretnom23 Banking System | 1.0 | Multiple SQL Injections
oretnom23 Blood Bank Management System | 1.0 | Multiple SQL Injections
oretnom23 Book Store Management System | 1.0 | Multiple SQL Injections
oretnom23 Bus Booking System | 1.0 | Multiple SQL Injections
oretnom23 Cab Management System | 1.0 | Multiple SQL Injections
oretnom23 Computer Aided Instruction in World Literature | 1.0 | Multiple SQL Injections
oretnom23 Car Driving School Management System | 1.0 | Multiple SQL Injections
oretnom23 Church Management System | 1.0 | Multiple SQL Injections
oretnom23 Clinic Patient Management System | 2.0 | Multiple SQL Injections
oretnom23 Computer Laboratory Management System | 1.0 | Multiple SQL Injections
oretnom23 Construction Project Management System | 1.0 | Multiple SQL Injections
oretnom23 Content Management System | 0.1 | Multiple SQL Injections
oretnom23 Customer Relationship Management System | 1.0 | Multiple SQL Injections
oretnom23 Customer Support System | 1.0 | Multiple SQL Injections
oretnom23 Dormitory Management System | 1.0 | Multiple SQL Injections
oretnom23 Enrollment System | 1.0 | Multiple SQL Injections
oretnom23 Event Management System | 1.0 | Multiple SQL Injections
oretnom23 Event Registration and Attendance System | 1.0 | Multiple SQL Injections
oretnom23 Faculty Scheduling System | 1.0 | Multiple SQL Injections
oretnom23 File Management System | 1.0 | Multiple SQL Injections
oretnom23 Fire Reporting System | 1.0 | Multiple SQL Injections
oretnom23 Flight Booking System | 1.0 | Multiple SQL Injections
oretnom23 Food Ordering System | 1.0 | Multiple SQL Injections
oretnom23 Gym Management System | 1.0 | Multiple SQL Injections
oretnom23 Hotel Management System | 1.0 | Multiple SQL Injections
oretnom23 House Rental Management System | 1.0 | Multiple SQL Injections
oretnom23 Human Resources Management System | 1.0 | Multiple SQL Injections
oretnom23 Internship Timesheet System | 1.0 | Multiple SQL Injections
oretnom23 Judging Management System | 1.0 | Multiple SQL Injections
oretnom23 Laundry Management System | 1.0 | Multiple SQL Injections
oretnom23 Leave Management System | 1.0 | Multiple SQL Injections
oretnom23 Loan Management System | 1.0 | Multiple SQL Injections
oretnom23 Lodge Reservation Management System | 1.0 | Multiple SQL Injections
oretnom23 Medicine Ordering System | 1.0 | Multiple SQL Injections
oretnom23 Medicine Tracking System | 1.0 | Multiple SQL Injections
oretnom23 Mobile Store Management System | 1.0 | Multiple SQL Injections
oretnom23 Online Diagnostics Lab Management System | 1.0 | Multiple SQL Injections
oretnom23 Online Discussion Forum System | 1.0 | Multiple SQL Injections
oretnom23 Online Marriage Registration System | 1.0 | Multiple SQL Injections
oretnom23 Pharmacy Sales Inventory System | 1.0 | Multiple SQL Injections
oretnom23 Prison Management System | 1.0 | Multiple SQL Injections
oretnom23 Project Time Management System | 1.0 | Multiple SQL Injections
oretnom23 Railway Reservation System | 1.0 | Multiple SQL Injections
oretnom23 Realtime Quiz System | 1.0 | Multiple SQL Injections
oretnom23 Repair Shop Management System | 1.0 | Multiple SQL Injections
oretnom23 Sales Inventory System | 1.0 | Multiple SQL Injections
oretnom23 Sanitization Management System | 1.0 | Multiple SQL Injections
oretnom23 School Fees Management System | 1.0 | Multiple SQL Injections
oretnom23 School Log Management System | 1.0 | Multiple SQL Injections
oretnom23 Service Provider Management System | 1.0 | Multiple SQL Injections
oretnom23 Simple Bidding System | 1.0 | Multiple SQL Injections
oretnom23 Simple Customer Relationship Management System | 1.0 | Multiple SQL Injections
oretnom23 Simple Invoice System | 1.0 | Multiple SQL Injections
oretnom23 Sports Complex Booking System | 1.0 | Multiple SQL Injections
oretnom23 Students Attendance Management System | 1.0 | Multiple SQL Injections
oretnom23 Task Management System | 1.0 | Multiple SQL Injections
oretnom23 Theme Park Ticketing System | 1.0 | Multiple SQL Injections
oretnom23 Traffic Offense Management System | 1.0 | Multiple SQL Injections
oretnom23 Vacation Tracking System | 1.0 | Multiple SQL Injections
oretnom23 Vehicle Parking Area Management System | 1.0 | Multiple SQL Injections
oretnom23 Vehicle Service Management System | 1.0 | Multiple SQL Injections
oretnom23 Yoga Class Registration System | 1.0 | Multiple SQL Injections
razormist Complaint Management System | 1.0 | Multiple SQL Injections
Sportzentrum Vaterstetten Website | | SQL Injection
Storm Warning Paintball (Canada) | | Multiple SQL Injections