picoEVENTS - Database Breach Technical Report
On June 16th, 2017, picoEVENTS was attacked and the Database hacked. Afterwards, picoEVENTS hired mosi security research to analyse this event.
A detailed technical report was written, available for free. While analysing the case, three vulnerabilities were found and reportet to the vendor. The vulnerability documentations can be found on these pages:
- entry.picoevents.ch - SQL-Injection Vulnerability (#mvid6)
- entry.picoevents.ch - Competition Registration ID check fails (#mvid7)
- entry.picoevents.ch - Persistent XSS Attack (#mvid8)
All vulnerabilities have been fixed by the vendor with assistance by mosi security research.