This morning a security researcher identified that he was able to carry out a successful SQL Injection attack against donate.barackobama.com, the official campaign donation site of current President Barack Obama, and gain access to credentials such as user names and passwords for persons who have donated to the Obama campaign, as well as administrative user credentials. On his blog he goes on to postulate the further attack possibilities with admin access such as web site defacement, uploading phpshells, and so forth. The problem is that the researcher Unu didn’t find an SQL injection site on donate.barackobama.com, he found one on a calendar application at Roosevelt University. In the process of finding out how that would be possible, a real web site vulnerability on the Obama web site reveals itself.
You will get the detail explanation in the given below URL
http://praetorianprefect.com/archives/2009/10/the-barack-obama-donations-site-was-hacked…err-no-it-wasn’t/
Tuesday, October 27, 2009
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment