This seems really brave (and stupid) to do. Especially when he went past the step of scanning for the SQL injection to actually using the SQL injection to grab admin user credentials and login to the application.
I feel like if one were to do this in the US, without permission, that they'd be running a high risk of ending up in jail.
That said, it's scary to see that common 90s and 2000 era security issues are still so common.
1 comment
[ 2.5 ms ] story [ 13.2 ms ] threadI feel like if one were to do this in the US, without permission, that they'd be running a high risk of ending up in jail.
That said, it's scary to see that common 90s and 2000 era security issues are still so common.