Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Posted Jan 1, 2010

SQL-injection hole found in Intel Website

By DatabaseJournal.com Staff

A hacker that goes by the name Unu has reported that he has found a SQL-injection vulnerability in an Intel website (Intel Channel Webinars) which uses a MySQL database server. Unu observed that after cracking the password for a certain user the hacker could then gain access to the server through an IP address.

Unu offered a proof-of-concept by posting screenshots and proving he could expose payment card numbers, CID/CW codes, and expiration dates. And in a recent blog posting Unu made the statement that while Intel Corporation is a huge manufacturer it lacks adequate security as many large companies.

As a result, the website was reportedly disconnected from the Net.

View Article

Daily News Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.