CNN Oracle SQL Injection

Iniciado por c0de.breaker, 17 Febrero 2010, 22:49 PM

0 Miembros y 1 Visitante están viendo este tema.

Imprimir
Ir Abajo Páginas1
Acciones del Usuario

c0de.breaker

17 Febrero 2010, 22:49 PM Ultima modificación: 21 Febrero 2010, 05:46 AM por sirdarckcat
CNN Oracle SQL Injection

CNN vulnerable to SQL Injection
Citar

CNN

Vulnerable to Oracle Injection
#TinKode & skpx


CitarCNN.com is among the world’s leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN’s world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN’s global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.

Website vulnerable: cgi.money.cnn.com

Informations:





CitarVersion : Oracle9i Enterprise Edition Release 9.2.0.4.0 – Production





CitarMain Database : MONEYP1.TURNER.COM





CitarUser : TIME_USR





CitarOwner : SYS

Columns from “Time_Owner.F500_2009“:

Citar[1] RANK
[2] COMPANY_ID
[3] NAME
[4] REVENUE
[5] REVENUE_GROWTH
[6] PROFIT
[7] PROFIT_GROWTH
[8] PROF_PCT_REVENUE
[9] PROF_PCT_ASSETS
[10] PROF_PCT_EQUITY
[11] EPS_10YR_GROWTH
[12] TRI_10YR
[13] TRI
[14] EMPLOYEES
[15] EMPLOYEE_GROWTH

# Thanks, and have a nice day!
# TinKode





Imprimir
Ir Arriba Páginas1
Acciones del Usuario