Friday, June 23, 2017
Home / Security / Breaches / HTC Subdomain Vulnerable to POST SQL Injection

HTC Subdomain Vulnerable to POST SQL Injection

@WilyXem mentioned us in a tweet about a HTC POST SQL injection he found in a subdomain of their site (learning-development.htc.com).

.  In the tweet he included a Pastehtml.  You can view the tweet below:

He dumped a list of tables in the database “uniprosi_htc” which also included a table holding the admin credentials, “capp_admin”.

 [+] DataBase Version : 5.0.45 [+] Current DataBase : 	uniprosi_htc [+] Others DB's : information_schema, test [+] System User : [email protected]

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Top Massachusetts hospital suffers a data breach

One of the United State’s leading hospitals, Massachusetts General (MGH), has fallen victim to a …