Another university website proves to be highly vulnerable

Feb 8, 2012 16:05 GMT

After identifying vulnerabilities in the sites of a large number of important US universities, members of TeamHav0k add another one to the list. It seems that the official website of Yale University contains an SQL Injection vulnerability that allowed the hackers to gain access and leak tons of information.

A Pastebin document reveals database tables, a list of email addresses and even an administrator username and password, obtained by leveraging the security hole found on one of the subdomains.

We’ve contacted Yale University to notify them of the issue and to find out whether anything has been done to address the vulnerability.

“We want to prove that nothing is secure, there is always a vuln to be found. Security is only an illusion,” a TeamHav0k spokesperson said.

“We also want to help the admins, but sometimes though, like with the Yale subdomain, we will exploit the vuln fully to really drive the point home.”