Hacker Exposes SQL Injection Vulnerabilities on RIAA Site

The hacker, D35m0nd142, also found flaws on a Pakistani government site

By Eduard Kovacs on April 4th, 2012 08:59 GMT

The grey hat hacker from Germany known as D35m0nd142 identified an SQL Injection vulnerability on the official site of the Recording Industry Association of America (RIAA).

The hacker describes the security hole as “an SQL flaw with possible denial of service attack using #refref or any similar tool and Directory Disclosure.”

The grey hat published three screenshots that demonstrate the effects of this particular flaw.

He also leaked database information from a Pakistani government site after leveraging a blind SQL Injection vulnerability. The website belongs to the country’s Federal Public Service Commission.

According to D35m0nd142, in both cases the site’s administrators were notified of the presence of the issues.

Those who want to find out more about the hacker can check out the interview we had with him not long ago, as part of our Hackers around the world series.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1
Image gallery: Vulnerability on the site of RIAA (3 images)