The official website of the United Nations has yet to fix a vulnerability that more than two years ago allowed hacktivists to replace official content with their own activist messages. According to Errata Security CEO Rob Graham, the same SQL injection flaw that plagued the site in August of 2007 remains unfixed now. It's …
SQL Injection is easy to fix
this is just dumb i cant believe they leave such stupid venerabilities open i hope this article pushes them to fix the issue for their sake and their users
Just put in a message about global warming
and add that it is all bogus. Do it every day and it might make a point.
Of course you could also add a message that there is $20 if you write to the Secretary General and include coupon code #64327.
The UN to a tee
Big, useless, expensive, can't even sort out it's own shit and yet it wants to make itself even bigger.
Replace with "the government", "Gordon Brown", "Apple" etc as you wish but the UN is the worst of them all when it comes to screwing up and refusing to shoulder the blame.
Jesus Christ... I could do this hack when I was 14 years old (white hat of course: I learned after 5 minutes of googling how to secure my site against it preemptively). Ridiculous.
Looks like someone deleted the entire database already...
select * from sysobjects
...is returning nothing!
Patch (finally) in progress?
Clicking on the (provided) link:
ADODB.Recordset.1 error '80004005'
Native Error Code: 8180
Native Error Code: 170
[MERANT][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ''.
[MERANT][ODBC SQL Server Driver][SQL Server]Statement(s) could not be prepared.
/apps/news/infocus/sgspeeches/statments_full.asp, line 28