loading Posted January 4, 2013 Share Posted January 4, 2013 RED HAT has fixed multiple web application security issues that allowed hackers to extract website database using Blind SQL injection. Red Hat also confirmed a cross site scripting and Local File Inclusion Vulnerabilities on their website. Mohamed Ramadan Security Researcher and Trainer Attack-Secure, said that last year he reported 3 flaws to the company and they finally confirm and patch those in January 2013. This is the hidden content, please Sign In or Sign Up Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. Local file inclusion is a vulnerability that allows the attacker to read files, that are stored locally through the web application.This happens because the code of the application does not properly sanitize the include() function. Technical details are not available at the moment about vulnerable URLs for security issue. source : This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts