Hacker Exposes SQL Injection Vulnerabilities on RIAA Site

The grey hat hacker from Germany known as D35m0nd142 identified an SQL Injection vulnerability on the official site of the Recording Industry Association of America (RIAA).

The hacker describes the security hole as, “an SQL flaw with possible denial of service attack using #refref or any similar tool and Directory Disclosure.”

The grey hat published three screenshots that demonstrate the effects of this particular flaw.

He also leaked database information from a Pakistani government site after leveraging a blind SQL Injection vulnerability. The website belongs to the country’s Federal Public Service Commission.

According to D35m0nd142, in both cases the site’s administrators were notified on the presence of the issues.

Those who want to find out more about the hacker can check out the interview we’ve had with him not long ago, as part of our Hackers around the world series.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1