Yahoo emergency fixes can lead to remote command execution SQL injection vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201453951
Type myhack58
Reporter 佚名
Modified 2014-09-23T00:00:00


Yahoo emergency fixes can lead to remote command executionSQL injectionvulnerability


Recently, due to the presence of serious SQL vulnerabilities, Yahoo's website had been penetrated by the big impact note: the site is not yahoo main station, but is affiliated with yahoo a India ideas collection website for more details, see the end of this article)

Security experts, penetration testing engineer Ebrahim Hegazy from the Egyptian Zigoo, and found a serious SQL vulnerabilities. The vulnerability allows the attacker root privilege to execute arbitrary commands.

Some details

According to Hegazy in a blog published the article says, the SQL vulnerability exists in the Yahoo of a website, 网址是 as of now, the vulnerability has been fixed, but the URL is still accessible.


[1] [2] [3] next