news, analysis, opinion and breaking news… and a sql injection vulnerability. International Herald Tribune is the global edition of the New York Times. A site and newspaper read by millions world wide.

I discovered an unsecured parameter which allows access to the data base.

Lets see the version, user and name of the database as well as all the other available data bases.

I will continue with other newspapers soon.

Romanian version:

International news, analysis, opinion and breaking news… and a big sql injection vulnerability. International Herald Tribune is the global edition of the New York Times.
Un ziar foarte citit , o pagina web mult accesata. Problema este la un parametru prost sanitizat care permite acces la baza de date. Sa vedem versiunea, userul, numele bazei de date cat si db disponibile.

Pe langa celelalte date ce tin de site-ul web, mai avem un table interesant. Datele de logare a 161 de colaboratori, editori, etc al renumitului ziar.

Voi continua cu alte ziare de renume..

Related Posts

• December 24, 2009 -- Forumul Andreei Balan spart
• December 22, 2009 -- Fun cu NemoExpres.ro
• December 11, 2009 -- Kaspersky Thailand hacked by TinKode
• December 11, 2009 -- Deface pe site-ul fundatiei Dan Voiculescu pentru Dezvoltarea Romaniei (fudv.ro)
• December 10, 2009 -- Another Nasa website hacked by romanians