@WilyXem tweeted that he succesffully exploited a SQL injection in the European space agency (esa.int). He also included a screenshot for proof. You can view his tweet below.
European Space Agency – SQL Injected by WilyXem. http://t.co/klt8xT3F@Softpedia @Zer0Security @EHackerNews @securityninja @BreakTheSec
— WilyXem (@WilyXem) January 27, 2013
SQL injection occurs when user input is not filtered for escape characters and is then passed into an SQL statement. This results in the potential manipulation of the statements performed on the database by the end-user of the application.
