UN, Skype, Oracle Hacked

Thursday, March 1, 2012 @ 05:03 PM gHale

A grey hat hacker gained unauthorized access to the sites of the United Nations (un.org), Skype (skype.com) and Oracle (oracle.com).

On the official Skype site, the hacker found Blind SQL injection vulnerabilities that allowed him to access their webserver.

“In Skype I’ve found a lot of Blind SQL Injections. I’ve written 8 [in a document the hacker posted on Pastebin], but probably there are more vulnerabilities,” the hacker said in a published report on Softpedia.

“I’ve written to the admins because there are a lot of users and a vulnerability like SQL Injection is very very dangerous.”

A similar vulnerability was present on Oracle’s community site, theoretically allowing malicious hackers to cause serious damage.

By leveraging an MSSQL injection flaw, he managed to bypass the security protocols implemented by the United Nations site’s administrators.

This is not the first time un.org has suffered a breach; a couple of days ago Team R00tw0rm said they got in. Now the hacker, named D35m0nd142, provided a screenshot and leaked information from their servers, publishing some of it on Pastebin.

In each case, the hacker ensured the data he accessed remained unharmed and contacted those responsible for the sites to notify them of the issues.

“The SQL Injection in my opinion is the greatest danger online,” the hacker said. “From a little bug an attacker can steal thousands or millions of usernames, passwords, credit cards,” he said.

“It’s incredible. We always talk about this technique, but almost all sites have this vulnerability.”

