Hacker discloses vulnerabilities in dozens of Military and Pentagon websites

2013-02-02T04:00:00
ID THN:3EC4B77F1A0BF6312A7EBD9D48ACC6B4
Type thn
Reporter Wang Wei
Modified 2013-02-02T15:00:53

Description

A hacker with handle name (~!White!~) today disclose SQL injection vulnerabilities in dozens of Military, United Nation and Pentagon domains. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations.

Through a Pastebin note hacker announce more details about his findings in many sensitive websites, including Pentagon Defense Post Office Website, Office of the Deputy Director for Science Programs, Wiesbaden Military Community, NMCI Legacy Applications, Darby Military Community, Department of Economic and Social Affairs at United Nation and many more.

SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database or even can wipe it out.

Hacker also claimed to hack database of Pentagon.mil and other mentioned website and partially dumped small sample database in another paste online.