
Foxconn website hacked and database leaked by hacker D35m0nd142


A hacker using the Twitter handle "D35m0nd142" has claimed to have breached the website of Foxconn, a Taiwanese multinational electronics contract manufacturing company.

The hacker exploited a blind SQL injection vulnerability in the subdomain "cq.foxconn.com" and compromised the database.

"//Admins warned..I didn't do any damage..It is just the proof of the giant vulnerability which affects the website.." the hacker said. "This is just a small piece of database and passwords are encrypted in order to prevent damage from other attackers with malicious purposes."

The dump (pastebin.com/PZ9BbbVA) contains database details, email addresses, and passwords.

Blind SQL Injection vulnerability in PayPal Notifications website



An Indian security researcher, Prakhar Prasad, has discovered a blind SQL injection vulnerability in the PayPal Notifications website (paypal-notify.com) that allowed the researcher to access the database of the PayPal notification system.

"As a part of PayPal Bug Bounty Program, I did a responsible disclosure of the bug to PayPal Security Team," the researcher said in his blog.


SQLMap displays the Database name after injection


The PayPal security team patched the vulnerability immediately, the day after Prasad's vulnerability report, because of its high severity.

The PayPal security team patched the vulnerability and rewarded the researcher with $3000 for the SQLi and an additional $350 for other, less critical bugs on 21st January.