High Fashion - Low Security

Monday, August 15, 2011

David Martinez


UPDATE 9/26/11:  The author submitted a redacted version of the article HERE

*   *   *

EDITOR'S NOTE:  This article has been temporarily redacted at the request of the author. It seems the article, which has drawn significant attention from our readers since being posted, has also drawn the attention of law enforcement.

From the author:

In June of this year, I found a very serious SQL Injection vulnerability in the website of local fashion designer Julian Chang. The SQLi would give the attacker access to customer information saved to their backend database, including CC numbers, names, addresses, and phone numbers.

I have attempted to contact them via e-mail over 5 times, as well as by phone. I have yet to receive a response from them. Complaints have been filed with the BBB, FTC, and US-CERT. I was also able to get in contact with law enforcement to discuss how to fix this issue.

Out of concern for the privacy of the user data during this time, I have requested this posting to be taken down temporarily, until the issue is resolved, and the customer data secure.

I apologize for the inconvenience, as I'm aware the article was getting a lot of notice since being posted. Once this issue is resolved, I will be posting the article once again, with new updates and information regarding what steps were taken to fix the problem.

Information Security
Databases Vulnerabilities Web Application Security Website Security MySQL Julian Chang Hashcat
