

SQL injection in ESET website allows free NOD32 license - rnhmjoj
http://egyptiangeeks.com/information-security/eset-broken-authentication-vulnerability/

======
mschuster91
Wasn't ESET also the company which got hacked and their IDA 6.2 version spread
all over the internet?

------
JosephRedfern
I might be missing something here, but that demo didn't actually show a free
NOD32 license key being generated, did it?

~~~
darklajid
I think it did - if we're talking about the YouTube video.

What he's doing:

- Show the registration form and the error that you get when your serial is
wrong

- Intercept that request, (replay it a couple times to - idk - show what that
tool is/does?) change the serial to the ' OR "' value

- Refresh his Outlook.com account, showing a fresh "Thanks a lot,
registration accepted, these are your credentials" mail

~~~
JosephRedfern
Ah, OK - so the username/password sent via email is what you use to actually
activate NOD32? No serial required?

~~~
mmebane
Last I used NOD32 (~2 years ago), a username and password were required to
activate as well as download updates.

------
mahouse
This is horribly written.

~~~
KhalilK
Clearly, English is not the author's native tongue.

