Articles about SQL injection

Researcher: DJI RCE-holes offered me $500 after I found Heartbleed etc on its servers

Updated Chinese drone-maker DJI’s bug bounty programme has been struck with fresh controversy after a security researcher claimed he was offered just $500 for reporting, among others, the years-old Heartbleed vulnerability. Infosec chap Sean Melia – no stranger to bug bounty programmes – said he discovered that DJI’s servers not only …
Gareth Corfield, 28 Nov 2017

Swiss banking software has Swiss cheese security, says Rapid7

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor. The software in question, SmartVista, is an e-commerce and financial product from BPC Banking, and in this post, Rapid7 says it told the company about the issue back in May 2017. The US CERT …

WordPress photo plugin opens 'a million sites' to SQLi database feasting

A critical flaw has been found in the third-party WordPress NextGEN Gallery plugin, which is reportedly in active use on more than a million websites. If you're using this plugin, patch now to version 2.1.79 or greater. If you're a cyber-scamp, well, here's a surefire way to compromise a lot of tardy sites. The …
Iain Thomson, 1 Mar 2017

Riverbed's NetProfiler, NetExpress virty appliances patched

Riverbed has pushed out an update to its virtual security appliances after Security-Assessment warned it that they had multiple vulnerabilities. The report details SQL injection, command injection, privilege escalation, local file inclusion, cross-site scripting, account hijacks and hard-coded credentials affecting two Riverbed virtual …

Watchdog bites hotel booking site: Over 3k card details slurped

Hotel booking website Worldview Limited has been fined £7,500 over a security breach involving its website that allowed hackers to swipe the full payment card details of some 3,814 customers. Sensitive data was accessed after the unidentified attacker exploited a SQL injection flaw in Worldview's website to access the firm's …
John Leyden, 5 Nov 2014

Joomla issues upgrade to patch critical SQL vuln

Joomla's developers have moved to fix a critical SQL injection vulnerability – but are coming under fire for taking a month to address the issue. The version 3.2.3 update, available since late last week, is described by Joomla as fixing a high-priority core SQL injection bug (along with two medium-priority XSS bugs and an …

Laurie Love investigation stretches to Australia, Sweden

Following the arrest of Laurie Love of Suffolk on charges that he gained unauthorised access to US government computers, it's emerged that he was working with co-conspirators in Australia and Sweden. According to the charges reported here yesterday, Love's twelve-month hacking spree included machines belonging to the US Army, …

E-shopkeepers stabbed with SQL needles 'twice' as much as other sites

Retailers suffer twice as many SQL injection attacks on their systems as other industries, according to a new study by data-centre security firm Imperva, which claims the ferocity of web-based assaults is growing. The fourth annual edition of Imperva's Web Application Attack Report [PDF] also revealed that e-shopping …
John Leyden, 23 Jul 2013

Signatures no good at protecting databases, says Juniper

One of the most common forms of attack is the SQL injection, and although the vector is ancient and well-understood, it's notoriously difficult to defend against. Kevin Kennedy, senior director of product management for Juniper Networks' security business unit, is in Australia to demonstrate Juniper's latest shot at defeating …
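The two stories above and the Worldview item further up describe the same pattern from both ends: a query built by pasting user input into SQL text, and the card data that walks out through it. The snippet below is an added example (my own code, not Juniper's, Imperva's or anything from the sites reported on) showing that injectable pattern beside its parameterised fix, run against a constructed in-memory SQLite database with made-up usernames and test card numbers. Both lookup functions execute the same logical query; only the one that binds parameters treats `' OR '1'='1` and a `UNION` payload as plain text.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample data (not from any real site): a users table
    and a cards table holding the standard test card numbers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE cards (card_number TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.executemany("INSERT INTO cards VALUES (?)",
                     [("4111111111111111",), ("5555555555554444",)])
    return conn


def build_vulnerable_sql(username, password):
    """The injectable pattern: untrusted strings pasted straight into SQL text,
    so a quote in the input ends the literal and the rest becomes SQL syntax."""
    return ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))


def lookup_vulnerable(conn, username, password):
    """Runs the string-built query and returns every first-column value it yields.
    With a tautology payload this returns every user; with a UNION payload it
    returns whatever table the attacker named (here, card numbers)."""
    return [row[0] for row in conn.execute(build_vulnerable_sql(username, password))]


def lookup_safe(conn, username, password):
    """Same query with bound parameters: the driver hands the values to the
    engine separately from the SQL text, so quotes, OR and UNION in the input
    are compared as literal characters and never parsed as SQL."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # Tautology: AND binds tighter than OR, so the WHERE clause is true for every row.
    print(build_vulnerable_sql("alice", "x' OR '1'='1"))
    print(lookup_vulnerable(db, "alice", "x' OR '1'='1"))
    # UNION: the login query is turned into a dump of an unrelated table; the
    # trailing "--" comments out the rest of the original statement.
    print(lookup_vulnerable(db, "' UNION SELECT card_number FROM cards --", ""))
    # Parameterised: both payloads are just strings that match nobody's password.
    print(lookup_safe(db, "alice", "x' OR '1'='1"))
    print(lookup_safe(db, "' UNION SELECT card_number FROM cards --", ""))
```

The fix is not a signature or a blocklist of suspicious characters, which is the point the Juniper piece makes about signature-based defences: with bound parameters the query's structure is fixed before any input arrives, so there is nothing for a payload to rewrite, however it is encoded.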

Under the microscope: The bug that caught PayPal with its pants down

Security researchers have published a more complete rundown of a recently patched SQL injection flaw on PayPal's website. The Vulnerability Laboratory research team received a $3,000 reward after discovering a remote SQL injection web vulnerability in the official PayPal GP+ Web Application Service. The critical flaw, which …
John Leyden, 15 Apr 2013

PayPal plugs SQL injection hole, tosses $3k to bug-hunter

PayPal has fixed a security bug that could have allowed hackers to compromise the payment website's databases using an SQL injection attack. Researchers at Vulnerability Laboratory earned a $3,000 reward for discovering and reporting the critical bug to PayPal in August. An advisory sent to the Full Disclosure security mailing …
John Leyden, 30 Jan 2013

Ruby on Rails has SQL injection vuln

The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular Web framework. They advise that users should immediately apply an upgrade available here. Designated CVE-2012-5664, the maintainers explain the bug this way: “Due to the way dynamic finders in Active Record …

Security still slack in WA government agencies

While not as utterly hopeless as last year, IT security is still troublesome in Western Australia’s government agencies. In last year’s annual audit, the Auditor General strolled through fourteen agency networks in an undetected penetration test. This year, the auditor’s staff have looked at payment security in nine agencies, …

Patchy app development security slammed

Eight in 10 applications failed to pass stricter security testing standards in tests by application security assessment firm Veracode. Veracode tightened up its testing procedures so that apps prone to cross-site scripting and SQL injection errors automatically failed. This zero-tolerance policy reflects the fact that these …
John Leyden, 8 Dec 2011

DNS hijack hits The Register: All well

Update On early Sunday evening, UK time, the DNS records of many websites, including those of The Register and The Telegraph, were hijacked and redirected to a third-party webpage controlled by Turkish hackers. The Register's website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we …
Drew Cullen, 5 Sep 2011

Groundhog day: more Sony breaches

Talk of “isolated incidents” went by the board in the last couple of days, with Sony and Sony-affiliated sites compromised in Canada, Japan and Indonesia. Let’s do the rounds: • Canada – The Hacker News reports a breach at a Sony-Ericsson mobile store, conducted through an SQL injection attack and yielding details of around 2 …

eHarmony plays down data breach on dating advice site

Online dating site eHarmony is asking some of its users to change their passwords following the discovery of a security breach. A SQL injection vulnerability on a secondary site created a possible means for screen names, email addresses and hashed passwords to be extracted. eHarmony is in the process of advising a small …
John Leyden, 11 Feb 2011

Hackers sell access to hacked .mil and .gov sites

Cybercrooks are offering hacked domains, including military sites, for sale through underground marketplaces. Government, defence (.mil) and education sites in the US and Europe are on offer to interested parties from anywhere between $55 and $499 each. The hacker is selling admin login credentials to hacked sites as well as …
John Leyden, 24 Jan 2011

Biting the hand that feeds IT © 1998–2018