Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS Access
Database Tools
SQL Scripts & Samples
» Database Forum
» Sitemap
Free Newsletters:
News Via RSS Feed

follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2

Posted Jan 1, 2010

SQL-injection hole found in Intel Website

By Staff

A hacker that goes by the name Unu has reported that he has found a SQL-injection vulnerability in an Intel website (Intel Channel Webinars) which uses a MySQL database server. Unu observed that after cracking the password for a certain user the hacker could then gain access to the server through an IP address.

Unu offered a proof-of-concept by posting screenshots and proving he could expose payment card numbers, CID/CW codes, and expiration dates. And in a recent blog posting Unu made the statement that while Intel Corporation is a huge manufacturer it lacks adequate security as many large companies.

As a result, the website was reportedly disconnected from the Net.

View Article

Daily News Archives

Comment and Contribute


(Maximum characters: 1200). You have characters left.