The official website of Embassy of Kazakhstan in Delhi having SQL injection Vulnerability, and Hacker with codename - Abs0luti0n has successfully Extract the database tables info and leak it on a pastebin note including Admin's Username and Password.
Hacker said,"Lately we have been experimenting on some new large targets which will be unveiled soon. However today while we were cruising around in our lulzmobile,we set sights momentarily on another outdated weak vehicle and with great ease put the pedal to the metal, ran all the lights and flew straight through our accquired target."
SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that the interpreter is not able to distinguish between the intended commands and the attacker’s specially crafted data. The interpreter is tricked into executing unintended commands.
SQL injection can be prevented if you adopt an input validation technique in which user input is authenticated against a set of defined rules for length, type, and syntax and also against business rules.
thehackernews.com
Niciun comentariu:
Trimiteți un comentariu