The grey hat hacker from Germany known as D35m0nd142 identified an SQL Injection vulnerability on the official site of the Recording Industry Association of America (RIAA).
The hacker describes the security hole as, “an SQL flaw with possible denial of service attack using #refref or any similar tool and Directory Disclosure.”
The grey hat published three screenshots that demonstrate the effects of this particular flaw.
He also leaked database information from a Pakistani government site after leveraging a blind SQL Injection vulnerability. The website belongs to the country’s Federal Public Service Commission.
According to D35m0nd142, in both cases the site’s administrators were notified on the presence of the issues.