Softpedia
 
January 4th, 2013, 10:59 GMT · By

Zynga Fixes XSS and SQL Injection Vulnerabilities on “With Friends” Website

[Image: SQL Injection vulnerability in Zynga website]
Security researcher Rafay Baloch has identified cross-site scripting (XSS) and SQL Injection vulnerabilities on the “With Friends” website of social game developer Zynga, zyngawithfriends.com.

Shortly after being notified, the company rushed to address the security holes.

“The response and the fix were very quick. As it was a SQL Injection vulnerability, they had to fix it very quickly, as an attacker could have easily dumped the whole database. Therefore, they fixed it quickly,” Rafay Baloch told me in an email.

Zynga has added the expert to its list of whitehats who reported vulnerabilities to the company in 2012.

To demonstrate the existence of the SQL Injection flaw, the researcher provided a screenshot.

Back in December, Rafay Baloch was rewarded with $10,000 (8,000 EUR) by PayPal for disclosing a remote code execution vulnerability on paypal.com.

READER COMMENTS:


Comment #1 by: Azimiester on 04 Jan 2013, 11:49 UTC

Yet another achievement, Rafay. Way to go!

Comment #1.1 by: Rafay Baloch on 04 Jan 2013, 21:43 GMT

Thanks Azeem.


Comment #2 by: ramesh on 04 Jan 2013, 12:53 UTC

Nice, but you are posting mostly about Rafay... show-offs... there are many security researchers who are doing this work...

Hope you got it.

Comment #2.1 by: Rafay Baloch on 04 Jan 2013, 21:43 GMT

You find vulnerabilities and they would also be published; what's the point of showing off here... LOL
