Hacker finds SQL-injection issue as well as execution of load_file on an Intel Website
A hacker that goes by the name Unu has reported that he has found a SQL-injection vulnerability in an Intel website (Intel Channel Webinars) which uses a MySQL database server. Unu observed that after cracking the password for a certain user the hacker could then gain access to the server through an IP address.
Unu offered a proof-of-concept by posting screenshots and proving he could expose payment card numbers, CID/CW codes, and expiration dates. And in a recent blog posting Unu made the statement that while Intel Corporation is a huge manufacturer it lacks adequate security as many large companies.
As a result, the website was reportedly disconnected from the Net.