30 Stories about: SQL injection
Multiple vulnerabilities discovered in the website of a UK-based company called OnlineFX, which conducts foreign exchange services, can be exploited to extract highly sensitive data from the underlying database. Credit card details and customer information are possibly compromised. According to its own website, Online... |
29 September 2009 08:04 GMT |
 |
A hacker has disclosed an SQL injection vulnerability in the website of the Internet Archive project, which exposed sensitive information about registered members. The leaked data included personal details such as the e-mail address, names, home address, zip, city and state. The vulnerability was discovered and repo... |
22 September 2009 06:00 GMT |
 |
RBS WorldPay is currently banging heads with a grey hat hacker over the seriousness of SQL injection vulnerabilities that he discovered on its websites. Meanwhile, another web developer exposed a cross-site scripting weakness in a site belonging to the company in order to prove that its efforts to mitigate XSS are no... |
12 September 2009 04:26 GMT |
 |
RideMatch.info, a website used by several California-based companies and transportation boards to match commuters on similar routes, has been exposed by a security expert as being vulnerable to massive SQL injections that will result in the disclosure of user personal data, CyberInsecure reports. Among the companies ... |
11 September 2009 03:26 GMT |
 |
Websites belonging to several large European banks, such as ING, Dexia and HSBC, have been hacked through SQL injection. These proof-of-concept attacks reveal poor security practices on behalf of institutions that people entrust with their life savings. The security issues have been discovered by Romanian self-confess... |
5 September 2009 06:05 GMT |
 |
A hacker broke into the database of the UK Parliament website by exploiting an SQL injection vulnerability. The incident reveals very poor and questionable password security practices on behalf of the website administration. The security hole on parliament.uk was discovered by a Romanian greyhat hacker going by the on... |
31 August 2009 07:02 GMT |
 |
Notorious Israeli hacker Ehud Tenenbaum, a.k.a. "The Analyzer," has pleaded guilty to one count of access-device fraud in New York after he was indicted by the U.S. authorities for credit card fraud last October. He faces a maximum of 15 years in a federal prison and his sentencing is scheduled for November 19. Ehud T... |
26 August 2009 09:08 GMT |
 |
A greyhat hacker has discovered a critical SQL injection vulnerability in the Yahoo! Local Neighbors discussion board website. The flaw can be used to read information about administrative and user accounts or upload a shell on the server. Neighbors is a Yahoo! Local feature launched at the end of 2007 with the purpose of... |
25 August 2009 09:07 GMT |
 |
SQL injections are ranked as the top vulnerability that hackers tend to go after, in a report by the Web Application Security Consortium (WASC). Hackers went, in the first half of 2009, after social and media websites, due to their large user pools and public exposure. A large number of incidents was recorded for th... |
20 August 2009 07:43 GMT |
 |
Robert Graham, expert at Errata Security, the person who was first to find the vulnerability behind the UN website attack in 2007, reported on his blog that United Nations security admins failed to fix the problem. The UN website is still as vulnerable as it was two years ago to massive SQL injection as it can be see... |
15 August 2009 05:13 GMT |
 |
Romanian grey-hat hacker Unu has hit the Daily Telegraph website for a second time in under three months and says that the impact of the new vulnerability he found is much more serious than last time. According to the hacker, the weakness allows for the execution of an SQL injection attack and the extraction of the p... |
29 May 2009 04:47 GMT |
 |
Romanian grey-hat hacker Unu makes a comeback with a big bang – a critical SQL injection in Orange.fr. Exploiting the vulnerability exposes the names, e-mail addresses and plain text passwords of over 245,000 users. The newly reborn Romanian HackersBlog has published details of an SQL injection vulnerability a... |
25 May 2009 05:11 GMT |
 |
The rather successful Romanian self-proclaimed ethical hacking outfit HackersBlog has announced its retirement from the Web vulnerability disclosure scene, invoking the members' lack of spare time. During its short life online, the group has achieved international recognition and has attracted a lot of media att... |
24 March 2009 05:59 GMT |
 |
The Romanian self-proclaimed ethical hacking outfit HackersBlog has disclosed an SQL injection vulnerability in the website of Tiscali UK. The flaw allows for unauthorized access to the database containing the personal and login information of the registered users. Tiscali is a European Internet service provider he... |
16 March 2009 06:34 GMT |
 |
Following the disclosure of an SQL injection vulnerability affecting a section of the British Telecom website, the company claims that no customer data has been affected. Meanwhile, the hacker has published evidence of a new, more serious flaw on BT.com. The original security breach was reported by a Romanian hacker... |
12 March 2009 04:14 GMT |
 |
Evidence of an SQLi flaw allegedly affecting the website of BT, one of the largest communications providers in the world, has been published by a self-confessed white-hat hacker. He claims that successful exploitation of the vulnerability exposes the login credentials and e-mail addresses of registered users. BT, al... |
10 March 2009 04:35 GMT |
 |
HackersBlog, the Romanian whitehat hacking outfit, have disclosed an SQL vulnerability in a section of the telegraph.co.uk website. According to the group, the flaw gives attackers access to over 700,000 e-mail addresses and user passwords. The Daily Telegraph, also referred to as The Telegraph, is one of the biggest ... |
7 March 2009 07:44 GMT |
 |
The hackers' assault on security vendors' websites continues with ESET, developer of the popular NOD32 antivirus solution. Multiple websites controlled by the company are vulnerable to cross-site scripting and SQL injection. A hacker calling himself Methodman has published proof-of-concept attacks against ... |
28 February 2009 06:31 GMT |
 |
Following the disclosure of an alleged SQL injection vulnerability on the website of the National Lottery in the UK, Camelot Group plc, the company responsible for operating it, claims that no sensitive information regarding its registered users has been compromised. We have previously reported that a group of white-ha... |
26 February 2009 03:39 GMT |
 |
A white-hat hacker claims that the website of the UK's National Lottery is open to SQL injection attacks that could endanger the privacy of the registered players. By exploiting an insecure parameter on a page, unauthorized access to the site's database can be obtained. The http://www.national-lottery.co.uk we... |
24 February 2009 06:24 GMT |
 |
Following the disclosure of an alleged SQL injection vulnerability affecting the news.bitdefender.com website, the antivirus vendor has released the results of its internal investigation. The most important thing, according to the company, is that no sensitive data has been compromised. A white-hat hacker calling hims... |
23 February 2009 10:29 GMT |
 |
During the past few weeks, a Romanian self-proclaimed ethical hacking group has kept the leading antivirus vendors on their toes after disclosing SQL injection vulnerabilities on several of their websites. The security companies that have been affected include Kaspersky, Bitdefender, F-Secure and Symantec. Even tho... |
23 February 2009 09:00 GMT |
 |
Following the disclosure of a flaw in a section of the Symantec website that allegedly allows for SQL injection attacks, the company has denied its existence and invoked an "inconsistent exception handling routine for language options." The Romanian hacker who disclosed the vulnerability disagrees and has released ad... |
20 February 2009 06:39 GMT |
 |
The Romanian ethical hacking outfit HackersBlog shames yet another antivirus vendor – Symantec. A SQL injection vulnerability in a section of the Symantec website allows unauthorized access to the database. Symantec is one of the biggest IT security companies in the world, developing a wide range of products f... |
19 February 2009 03:41 GMT |
 |
The Romanian HackersBlog outfit disclosed a SQL injection vulnerability in the website of the International Herald Tribune, the international edition of the New York Times. A poorly-sanitized parameter allowed the hackers to obtain access to the database, including the table containing the login credentials of the ne... |
18 February 2009 03:47 GMT |
 |
The Romanian hacker going by the handle of "unu" has announced a new SQL injection vulnerability affecting the website of Bitdefender antivirus. However, this time around the flaw is on the company's main website and not on one maintained by a reseller. During the previous week, a Romanian ethical hacking outfi... |
16 February 2009 04:29 GMT |
 |
After previously compromising websites belonging or related to Kaspersky and Bitdefender, the Romanian hackers from the HackersBlog crew launched a new successful SQL injection attack against the website of an antivirus vendor. This time around, it was F-Secure; however, the security breach did not have the potential... |
12 February 2009 04:07 GMT |
 |
After a SQL injection attack against the US support website belonging to Kaspersky Labs was published on the Romanian Hackers Blog, the company disclosed details of the security breach. The investigation established that no sensitive data was accessed, but the antivirus vendor hired a database security expert to audi... |
10 February 2009 05:50 GMT |
 |
Both Kaspersky and Bitdefender antivirus vendors have been left with red faces by a Romanian hacker who obtained access to the SQL databases of two of their websites. The data stored in the databases includes customer information, e-mails, support tickets, and even activation codes. A hacker going by the nickname of... |
9 February 2009 07:13 GMT |
 |
The end of the past week brought with it a couple of new security tools from Microsoft, made available as free downloads. The Microsoft Code Analysis Tool .NET (CAT.NET) version 1 Community Technology Preview and the Microsoft Anti-Cross Site Scripting Library version 3.0 Beta both went live over the weekend, and are... |
15 December 2008 08:01 GMT |
 |
In mid-2008 Microsoft made available three security tools (one developed in conjunction with the HP Web Security Research Group) designed to counter the increasing wave of SQL injection attacks faced by customers running its software. SQL injection attacks were escalating at that point, targeting design flaws in web ... |
28 November 2008 10:57 GMT |
 |
Security vendor Kaspersky Labs warns that between 2,000 and 10,000 American and Western European web pages have been hacked in a two-day interval. The cybercriminals responsible for the attack have not been identified yet, but the details of the incident are highly similar to an attack that took place last spring and... |
10 November 2008 05:46 GMT |
 |
UrlScan is a free security tool available for download from Microsoft designed to bulletproof websites developed and running on top of Windows server operating systems and Internet Information Services. Delivered in order to filter SQL injection attacks, UrlScan is now at version 3.1, less than three months following... |
3 November 2008 07:11 GMT |
 |
BusinessWeek has just joined a group of highly rated and visited websites that fell victim to SQL injection attacks. Graham Cluley, Senior Technology Consultant for the security company Sophos, disclosed that parts of the website of the popular weekly magazine were attempting to serve malware from a Russian server. S... |
16 September 2008 09:10 GMT |
 |
Organizations focusing on tracking the evolution of security threats are reporting that, over the last three months, the dimension of botnets has increased about four times. “During the same time period, there isn't an appreciable increase in new malware, new viruses or anything that would obviously indica... |
3 September 2008 04:12 GMT |
 |
It has come to light that this past weekend, the official Malaysian web page of the internationally renowned security software provider Kaspersky, as well as the S.E.S. online shop web page, have been successfully hacked. A Turkish cracker going by the name of "m0sted" managed to hack the previously mentioned web pag... |
21 July 2008 08:37 GMT |
 |
In the past couple of weeks we have seen a serious increase in SQL injection attacks. Although Microsoft and HP have provided ample guidance and tools to solve the problem, there are still sites out there that get infected. The latest web page to be attacked is the ATP site (short for Association for Tennis Pro... |
3 July 2008 07:08 GMT |
 |
An escalation in SQL injection attacks aimed at websites based on ASP and ASP.NET technologies has prompted Microsoft to take action. Immediately after the explosion of SQL injection exploits the Redmond company highlighted resources available for administrators to bulletproof websites, but initially offered only a s... |
25 June 2008 07:08 GMT |
 |
With SQL injection attacks lurking around web servers hooked to databases (independent of vendor, but with a focus on Windows, IIS and SQL Server), Microsoft is lending a helping hand against the threat. According to the Redmond company, a new breed of attacks debuted at the end of 2007 does not show any signs of win... |
2 June 2008 07:08 GMT |
 |
Microsoft says that its technology is in no way at fault for massive web server attacks having already affected in excess of half a million webpages. The past week, security company F-Secure revealed that over 500,000 pages had been compromised through SQL injections. The attacks target only websites that are running... |
29 April 2008 06:44 GMT |
 |
Security company McAfee has warned of new mass web-based attacks preying on the Windows operating system. The first attack was initially discovered on March 12 and it involved SQL injection. Craig Schmugar, threat research manager, McAfee Avert Labs, revealed that initially McAfee detected in excess of 10,000 compr... |
14 March 2008 14:54 GMT |
 |
The management of relational databases is performed by using SQL (Structured Query Language), which helps you to manipulate data inside a collection of tables. Practically, at the web level, the SQL language represents the bridge of communication between a web application and a database. In the same manner, the user interac... |
28 January 2008 12:00 GMT |
 |