back to article Hacktivist vuln still plagues UN.org

The official website of the United Nations has yet to fix a vulnerability that more than two years ago allowed hacktivists to replace official content with their own activist messages. According to Errata Security CEO Rob Graham, the same SQL injection flaw that plagued the site in August of 2007 remains unfixed now. It's …

COMMENTS

This topic is closed for new posts.
Pirate

SQL Injection is easy to fix

this is just dumb i cant believe they leave such stupid venerabilities open i hope this article pushes them to fix the issue for their sake and their users

0
0
Silver badge

Just put in a message about global warming

and add that it is all bogus. Do it every day and it might make a point.

Of course you could also add a message that there is $20 if you write to the Secretary General and include coupon code #64327.

0
0
FAIL

The UN to a tee

Big, useless, expensive, can't even sort out it's own shit and yet it wants to make itself even bigger.

Replace with "the government", "Gordon Brown", "Apple" etc as you wish but the UN is the worst of them all when it comes to screwing up and refusing to shoulder the blame.

0
0
Alert

Wow

Jesus Christ... I could do this hack when I was 14 years old (white hat of course: I learned after 5 minutes of googling how to secure my site against it preemptively). Ridiculous.

0
0
FAIL

Looks like someone deleted the entire database already...

select * from sysobjects

...is returning nothing!

0
0
Badgers

Patch (finally) in progress?

Clicking on the (provided) link:

ADODB.Recordset.1 error '80004005'

SQLState: 37000

Native Error Code: 8180

SQLState: 37000

Native Error Code: 170

[MERANT][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ''.

[MERANT][ODBC SQL Server Driver][SQL Server]Statement(s) could not be prepared.

/apps/news/infocus/sgspeeches/statments_full.asp, line 28

0
0
This topic is closed for new posts.

Forums