SQL-injection hole found in Intel Website

Saturday Jan 2nd 2010 by DatabaseJournal.com Staff

Hacker finds SQL-injection issue as well as execution of load_file on an Intel Website

A hacker who goes by the name Unu has reported finding a SQL-injection vulnerability in an Intel website (Intel Channel Webinars) that uses a MySQL database server. Unu observed that, after cracking the password for a certain user, the hacker could then gain access to the server through an IP address.

Unu offered a proof of concept by posting screenshots and proving he could expose payment card numbers, CID/CVV codes, and expiration dates. In a recent blog posting, Unu made the statement that while Intel Corporation is a huge manufacturer, it lacks adequate security, as do many large companies.

As a result, the website was reportedly disconnected from the Net.
