Wall Street Journal website vulnerable to SQL injection
A Romanian security researcher that goes by the handle “Unu” has made public his latest conquest. He managed to gain access to databases of the The Wall Street Journal using an SQL injection.
Furthermore, Unu acquired knowledge of various passwords (stored in clear text) and private information about the members of the press.
He also found out another vulnerability that can ultimately allow access to the command line – making it possible to do virtually anything with the website.
Unu, whose blog has attracted quite a following and has disappeared unexpectedly a month ago, is back and continues to warn about and call attention to vulnerabilities in high-profile websites such as the ones belonging to the Royal Bank of Scotland, Facebook, Symantec, etc.