Penetration Testing [complete]
Maverick from igmdb.org was so kind to inform us about an SQL Injection vulnerability that still wasn't fixed.
Because of that I have be running a tool that Maverick recommended in order to test the website for further vulnerabilites for more than 6 hours.
Those actions were carried out by testuser, who (as expected) left a hot mess of more than 14000 posts and comments and many other actions (I got more than 1600 PMs from the user).
Thus I decided to reset the database to the state of 2016-03-05T18:09Z, which means a loss of your comments during the penetration (sorry), but I figured it was easier than properly cleaning up after the user.
No further SQL Injection Vulnerabilities have been found.
Last changed: 5. March 2016 19:44
Last changed: 6. March 2016 06:23