Yahoo emergency fixes can lead to remote command executionSQL injectionvulnerability
Recently, due to the presence of serious SQL vulnerabilities, Yahoo's website had been penetrated by the big impact note: the site is not yahoo main station, but is affiliated with yahoo a India ideas collection website for more details, see the end of this article）
Security experts, penetration testing engineer Ebrahim Hegazy from the Egyptian Zigoo, and found a serious SQL vulnerabilities. The vulnerability allows the attacker root privilege to execute arbitrary commands.
According to Hegazy in a blog published the article says, the SQL vulnerability exists in the Yahoo of a website, 网址是http://innovationjockeys.net/tictac_chk_req.php as of now, the vulnerability has been fixed, but the URL is still accessible.