I don't know for sure why this is, but my working hypothesis is that 80% of vulnerability disclosures go to an email inbox that nobody reads, or that is only read by someone who does not understand security and discards them.
I tested the vulnerable links at 12-4-13 7:16 am:
Sites    Problems                     Remediations
-------  ---------------------------  ----------------------------------------------------
1-10     8 SQLi                       None on 11-14; 2 fixed on 12-4
11-20    9 SQLi                       1 response, None fixed on 11-14; 3 fixed 12-4
21-30    8 SQLi, 2 hosting malware    No responses, 3 fixed on 11-14 *; 5 fixed on 12-4-13
31-40    9 SQLi                       No responses, 2 fixed on 11-14; 2 fixed 12-4
41-50    10 SQLi                      3 fixed on 11-14; 4 fixed 12-4
51-60    8 SQLi                       2 fixed on 11-14; 3 fixed 12-4
61       1 SQLi                       None on 11-14; none on 12-4
-------  ---------------------------  ----------------------------------------------------
Totals   53 SQLi, 2 hosting malware   10 SQLi fixed on 11-14-13 (3 days, 19%); 19 fixed 12-4-13 (23 days, 36%)

* (changed from an incorrect 2 on 12-4-13)
https://www.facebook.com/DzMafialAnonymousDz/posts/519935964720997
1 c http://www.bme.jhu.edu/people/primary.php?id=915'
2 c http://scriptures.byu.edu/gettalk.php?ID=1698'
4 c http://www.montserrat.edu/news/press-release-item.php?id=107'
5 FIXED c Resp Fixed http://www.wallawalla.edu/index.php?id=13900&catID=30'
6 FIXED c Removed http://kiemlicz.med.virginia.edu/mcsg7/crystal_harvests/index/page:0/target_id:017890'/sort:staff_id/direction:asc
7 c http://cxc.harvard.edu/XATLAS/preview_obs.php?target_id=9'
8 c http://musicweb.ucsd.edu/ugrad/ugrad-pages.php?i=108'
10 c http://www.mbc.edu/career/employment/detail.php?id=493'
11 c http://library.uwb.edu/arttour/detail.php?artistID=4'
12 c Resp Not Fixed 11-12-13; not fixed 11-14-13 http://cwise.ncsu.edu/research/theme.php?id=2'
13 c http://www.nysipm.cornell.edu/news/nysipm_rss_article.php?newsId=138'
14 c http://www.engl.polyu.edu.hk/ENGL_PROG.php?newsid=53'
15 FIXED c Fixed 12-4-13 http://www.creol.ucf.edu/NewsEvents/NewsDetail.aspx?NewsID=426'
16 c http://www.ices.cmu.edu/newsitem.asp?NewsID=781'
18 FIXED c Fixed 12-4-13 http://www.monmouth.edu/newswire/default.aspx?newsID=5886'
19 c http://www3.nd.edu/~ois/news/article.php?newsid=12'%20or%20'a'='a
20 FIXED c Fixed 12-4-13 http://m.morrisville.edu/news/newsinfo.aspx?newsid=16213'&page=0&set=BIZ
21 c http://www.highland.edu/news_events/announcements.asp?newsid=352'
22 c Resp, gift, but not fixed http://www.exploratorium.edu/imaging-station/gallery.php?Section=Introduction'
23 c http://jenny.tfrec.wsu.edu/opm/gallery.php?pn=165'
24 FIXED F Resp, already knew, Fixed http://www.cvn.columbia.edu/review.php?course=IEOR%20E4003&sem=A13'
25 F Vuln on 12-4-13 http://www.arts.cuhk.edu.hk/~lal/index.php?id=9'
26 FIXED F http://som.adzu.edu.ph/newsupdates/index.php?id=1'
27 c http://www.auburn.edu/oit/news/article.php?id=255'
28 FIXED c Fixed 12-4-13 http://dateline.ua.edu/viagra-online-100mg/
29 FIXED h Fixed 12-4-13 http://my.mcm.edu/?Taki=ordering-soft-viagra-online-100mg
30 FIXED h Fixed 12-4-13 http://blogs.chatham.edu/wp-content.bak/plugins/social/OTAwOQ-3D-3D.asp
31 c http://www.umass.edu/ofr/news.php?act=sendNews&id=61'
32 F Vuln on 12-4-13 http://www.bulsu.edu.ph/news.php?id=3'
33 F Vuln on 12-4-13 http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12'
34 c http://events.muohio.edu/event.php?event_id=190427'&sid=11&cid=362&view=cmonth&day=20120125&dayofweek=
35 FIXED c Resp, not fixed on 11-14, fixed on 12-4-13 http://www.setonhill.edu/ncche/event.php?id=11'
36 c http://cepa.maxwell.syr.edu/cdb/event.php?id=44'&flyer=1
37 c http://www.fsl.orst.edu/lemma/main.php?project=imap&id=studyAreas'
39 c http://www.iol.umd.edu/People/person.php?id=tweyrauch'
40 FIXED c Fixed on 12-4-13 http://schultz-appel.missouri.edu/person.php?id=110'&nid=9&PersonName=Heidi++Appel
41 FIXED F Resp Removed http://student.santarosa.edu/~dkrempel/2010fall/cs5513/assn17/detail.php?id=0000025'
42 c http://www1.chaffey.edu/faq/detail.php?faq_id=2'
43 c https://myptc.pulaskitech.edu/acp/StudentEvals/displayCourses.php?StudentID=@@HostID'
44 c http://www2.tesc.edu/course.php?CourseCode=HIS-101'%20or%20'a'='a
45 FIXED c Fixed 12-4-13 http://wwwdata.forestry.oregonstate.edu/forestry/pubs/fmc/slc/courses/course.php?num=FOR441'
46 FIXED F Fixed http://online.darton.edu/degrees/course.php?width=858&height=500&cid=19'
47 c http://www.universitypress.andrews.edu/catalog.php?key=213'
48 c http://storyboard.eden.edu/kiosk/alumni-class.php?slug=1930'
49 FIXED F Removed https://www.egr.msu.edu/chems/class.php?page=29'
50 c http://personal.frostburg.edu/mamorgan0/cosc625/api/class.php?class=Room'
51 FIXED F Fixed http://www.nc-climate.ncsu.edu/climate/groundhog/record.php?year=2013'
52 c http://www.stat.iastate.edu/directory/personal.php?id=mshelley'
55 c Not fixed 11-12-13, still vuln 12-4-13 http://students.ncsu.edu/top54/list.php?id=1'
56 c http://www.rmrs.nau.edu/mistletoe/dyn/results.php?keyw=49'&reftype=keyword
57 FIXED F Resp Fixed http://lib.colostate.edu/wildlife/results.php?q=%22Aardwolf%22&field=fulltopicStr'
58 FIXED c Fixed 12-4-13 http://www.waterbase.glwi.uwm.edu/mmsd/one-survey.php?survey_id=3'
59 c http://flrcvideos.unc.edu/video.php?link=531'
60 c http://www.indstate.edu/news/video.php?videoid=566'
61 c http://www.northlandcollege.edu/services/placement/jobs/job.php?job_id=2327'
Notes:
c: SQLi vuln
F: Fixed
h: Hosting malware