HTTP:: UK Parliament Website Hacked
--------
A hacker broke into the database of the UK Parliament website by exploiting an SQL injection vulnerability. The incident reveals very poor and questionable password security practices on the part of the website administration.

The security hole on parliament.uk was discovered by a Romanian greyhat hacker going by the online handle of "Unu," who has made a habit of testing high-profile websites for similar bugs. Unu's "hit list" so far includes the websites of large antivirus vendors Kaspersky, BitDefender, F-Secure and Symantec; renowned newspapers such as The International Herald Tribune and The Telegraph; big ISPs like British Telecom, Tiscali and Orange France; and, more recently, Yahoo! Local.

According to Unu, the vulnerability is located in a PHP script used on the lifepeeragesact.parliament.uk section, which fails to properly sanitize the parameters passed to it. This allows a potential attacker to easily execute SQL queries directly against the database by manipulating the URL.

The screenshots published by Unu reveal that the Web server is running on Debian 4.0 (Etch) Linux with a MySQL 5.0.32 database backend. The website's database is called parliament_live; fortunately, it cannot be accessed directly from a remote host.

What is more disconcerting though is what a peek into the database table h...
--------
http://news.softpedia.com/news/UK-Parliament-Website-Hacked-120511.shtml
Monday, August 31, 2009