SQL-injection hole found in Intel Website

A hacker that goes by the name Unu has reported that he has found a SQL-injection vulnerability in an Intel website (Intel Channel Webinars) which uses a MySQL database server. Unu observed that after cracking the password for a certain user the hacker could then gain access to the server through an IP address.

Unu offered a proof-of-concept by posting screenshots and proving he could expose payment card numbers, CID/CW codes, and expiration dates. And in a recent blog posting Unu made the statement that while Intel Corporation is a huge manufacturer it lacks adequate security as many large companies.

As a result, the website was reportedly disconnected from the Net.

Latest Articles