Wednesday, February 1, 2012

TinKode-CNN vulnerable to SQL Injection


Posted by isrtinkode on February 20, 2010

CNN
Vulnerable to Oracle Injection
#TinKode & skpx
CNN.com is among the world's leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN's world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN's global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.
Website vulnerable: cgi.money.cnn.com
Link:
http://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?censored
Informations:

Version : Oracle9i Enterprise Edition Release 9.2.0.4.0 - Production

 censored: censored

 censored: censored

Owner : SYS
Columns from censored
[1] RANK
[2] COMPANY_ID
[3] NAME
[4] REVENUE
[5] REVENUE_GROWTH
[6] PROFIT
[7] PROFIT_GROWTH
[8] PROF_PCT_REVENUE
[9] PROF_PCT_ASSETS
[10] PROF_PCT_EQUITY
[11] EPS_10YR_GROWTH
[12] TRI_10YR
[13] TRI
[14] EMPLOYEES
[15] EMPLOYEE_GROWTH
# Thanks, and have a nice day!
# TinKode

0 comentarii:

Post a Comment