Yahoo urgently fixes SQL injection vulnerability that can lead to remote command execution

2014-09-23T00:00:00
ID MYHACK58:62201453951
Type myhack58
Reporter Anonymous
Modified 2014-09-23T00:00:00

Description

Yahoo urgently fixes SQL injection vulnerability that can lead to remote command execution


Recently, a Yahoo website was hit hard by a serious SQL injection vulnerability. (Note: the site is not Yahoo's main site, but an idea-collection website in India affiliated with Yahoo; for more details, see the end of this article.)

Security expert and penetration testing engineer Ebrahim Hegazy (Zigoo), from Egypt, found the serious SQL injection vulnerability. It allows an attacker to execute arbitrary commands with root privileges.

Some details

According to an article Hegazy published on a blog, the SQL injection vulnerability exists in one of Yahoo's websites, at the URL http://innovationjockeys.net/tictac_chk_req.php. As of now, the vulnerability has been fixed, but the URL is still accessible.
