WHID 2007-12: SQL injection at knorr.de login page
While vulnerabilities in public web sites are a dime a dozen these days and rarely included in WHID, a classic SQL injection in the login form on the home page of the web site of a very big company is worth an entry. In my presentation I usually claim that such vulnerabilities disappeared years ago and then go on to show advanced SQL injection techniques. It seems that they exist.
Additional information:
- Knorr.de SQL Injection and XSS Vulnerabilities [Sebastian Bauer, Mar 2 2007]
Attack Method:
Incident Outcome: