From: Joe (junk@quickfinger.com)
Date: Thu Jul 18 2002 - 12:00:34 EDT
This only applies to communications that cross state lines. If you,
and the host you are attempting to exploit, are in the same state, it
would fall under state law.
Perhaps the argument could be made that the packets left the state
while travelling between your two machines, but that's a matter for
court precedents.
On Wed, 17 Jul 2002 darrell@cpp.com wrote:
> Check out
>
> http://caselaw.lp.findlaw.com/casecode/uscodes/18/parts/i/chapters/47/sectio
> ns/section_1030.html
>
> I think you'll find your answer
>
> US Title 18: Part I: Chapter 47, Section 1030
>
>
> -----Original Message-----
> From: Deus, Attonbitus [mailto:Thor@HammerofGod.com]
> Sent: Wednesday, July 17, 2002 9:48 AM
> To: Pen-Test
> Subject: SQL Injection Legalities
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> I hesitate asking the group about law, but here goes:
>
> Lets say a site gives you the capability to search their product-base via a
> web input box. You know, the standard search/submit deal.
>
> You type in "bicycle" and it gives you everything that starts with
> "bicycle." Simple enough. As we all know, web app susceptibility to SQL
> injects runs amok; lets say in this case that instead of typing "bicycle,"
> I type "bicycle' or 1=1--" and get all the products. Have I broken the
> law? More specifically, have I broken the law in the US?
>
> One could argue that the site is allowing me to specify what I want to see,
> and all I am doing is typing in what I want... Though the developer may
> not have intended for me to pull up the data like that, does my doing so
> constitute a crime?
>
> I'm not looking for ethical or moral debate here, I am hoping someone has
> some distinct legal experience who knows. Thanks.
>
> AD
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT