http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=226900111 By Kelly Jackson Higgins DarkReading Aug 23, 2010 Three years after the United Nations' website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities. Security researcher Robert Graham, CEO of Errata Security, did his now-annual checkup on the UN site and found that while the UN had removed the bug that was exploited in the August 2007 attack, the site is still rife with multiple SQL injection vulnerabilities. In the 2007 defacement, attackers replaced then-Secretary General Ban Ki-Moon's speeches with some of their own calling for "peace forever" and "no war." The attackers exploited a SQL injection bug. "In what's become a yearly blogpost, the UN still has not fixed the SQL injection problems that led to their website being hacked back in 2007," Graham blogged today. "For example, if you click on 'print this article', then use that URL instead, the SQL injection still works." [...] 5B _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Aug 24 2010 - 00:53:43 PDT
This archive was generated by hypermail 2.2.0 : Tue Aug 24 2010 - 01:02:11 PDT