Fox Pt.II

Published on: 1185262925
After this 'breaking news' of file disclosure yesterday, I went on and had a look at their whole site from a distance. A few non-malicious vectors showed me that they have cross-site scripting holes but, more importantly, SQL injection points and ColdFusion HTML and SQL injection. I will not disclose them here nor to Fox. No free lunch this time; I hope they will take this very seriously and hire a proper security auditor to pentest their whole system. Let this be a wake-up call.

If anyone wants to learn more about web application security and is in need of security, I would suggest contacting one of the two companies below, because they are simply the best at protecting/auditing your web applications:

http://www.sectheory.com
http://www.whitehatsec.com

'nuff said.