Incapsula Protection

Printer Backdoor

Hardware malware

Nuclear Plant hacked

Java zero-day exploit

RedHack hacker

Sign up for Updates

European Space Agency SQL vulnerability exploited

Author : Mohit Kumar

on

12/01/2012 06:29:00 AM

The European Space Agency (ESA) is an intergovernmental organisation dedicated to the exploration of space. Hacker going by name “SlixMe” find and exploit SQL Injection vulnerability on a sub domain of website.

Hacker upload

dump

on his website, where he disclose the SQLi vulnerable link and Database tables also. Hacker also mention that other 5 domains are also hosted on same server, that can be exploited if he will be successful to exploit one site completely.

Exploited Domain : http://television.esa.int/

Method mentioned as “PostgreSQL AND error-based – WHERE or HAVING clause”. In further discluse the PayLoad of injection also published.

Site is vulnerable at time of publishing this article.

About Author:

Mohit Kumar aka ‘Unix Root’ is Founder and Editor-in-chief of ‘The Hacker News’. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. Other than this : He is an Internet Activist, Strong supporter of Anonymous & Wikileaks. His all efforts are to make internet more Secure. Follow him @ Twitter | LinkedIn | Google | Email

Tags:
database hacked
,
European Space Agency
,
hacking news
,
hacking website
,
SQL Databases
2000

,
sql injection
,
SQLi vulnerable sites
,
Vulnerability
The content of – European Space Agency SQL vulnerability exploited and other Information in this article is only for Educational Purpose, provided by various legit sources and deep analysis of our Security Research Team. Please feel free to Contact us. Thank You !
Older Post

Home

‘; var pageArea = document.getElementsByName(“pageArea”);
var blogPager = document.getElementById(“blog-pager”); if(postNum 0)
html =”;
if(blogPager)
blogPager.innerHTML = html;
} function showpageCount2(json) var thisUrl = home_page_url;
var htmlMap = new Array();
var isLablePage = thisUrl.indexOf(“/search/label/”)!=-1;
var thisLable = isLablePage ? thisUrl.substr(thisUrl.indexOf(“/search/label/”)+14,thisUrl.length) : “”;
thisLable = thisLable.indexOf(“?”)!=-1 ? thisLable.substr(0,thisLable.indexOf(“?”)) : thisLable;
var thisNum = 1;
var postNum=1;
var itemCount = 0;
var fFlag = 0;
var eFlag = 0;
var html= ”;
var upPageHtml =”;
var downPageHtml =”; var labelHtml = ‘

‘;
var thisUrl = home_page_url; htmlMap[htmlMap.length]=labelHtml;
postNum++; for(var i=pageCount-1, post; post = json.feed.entry[i]; i=i+pageCount)
var timestamp1 = post.published.$t.substring(0,19)+post.published.$t.substring(23,29);
timestamp = encodeURIComponent(timestamp1); var title = post.title.$t; if(thisUrl.indexOf(timestamp)!=-1 )
thisNum = postNum;
if(title!=”) postNum++;
htmlMap[htmlMap.length] = ‘/search/label/’+thisLable+’?updated-max=’+timestamp+’&max-results=’+pageCount; itemCount++;
} var banyaknomer = htmlMap.length;
if (json.feed.entry.length % pageCount == 0)
var banyaknomer = htmlMap.length -1 ;
postNum=postNum-1;
; for(var p =0;p=(thisNum-displayPageNum-1) && p

‘;
}else
upPageHtml = ‘

‘+ upPageWord +’

‘;
fFlag++;
} if(p==(thisNum-1))
html += ‘

‘+thisNum+’

‘;
else
if(p==0)
html = labelHtml+’1′;
else
html += ‘

‘+ (p+1) +’

‘;

} if(eFlag ==0 && p == thisNum)
downPageHtml = ‘

‘+ downPageWord +’

‘;
eFlag++;

}
} if(thisNum>1)
if(!isLablePage)
html = ”+upPageHtml+’ ‘+html +’ ‘;
else
html = ”+upPageHtml+’ ‘+html +’ ‘;

} html = ‘

Pages (‘+(postNum-1)+’)'+html; if(thisNum’; var pageArea = document.getElementsByName(“pageArea”);
var blogPager = document.getElementById(“blog-pager”); if(postNum 0)
html =”;
if(blogPager)
blogPager.innerHTML = html;
}

Loading

;

Read this article - 

European Space Agency SQL vulnerability exploited

Print PDF