http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=220000005

By Kelly Jackson Higgins
DarkReading
Sept 11, 2009

A Romanian hacker well-known for discovering SQL injection
vulnerabilities in high-profile Websites has struck again -- this time
on RBS WorldPay's site, where he says he hit the jackpot: the company's
database.

The hacker, who goes by "Unu," says he accessed RBS WorldPay's database
via a SQL injection flaw in one of its Web applications. RBS WorldPay
maintains Unu accessed a test database that didn't carry any live data,
and that no merchant or cardholder data accounts were compromised. The
company has since taken down the pages.

Unu says the company's response to his email warning of the
vulnerability, as well as other security problems, was "unprofessional"
and "confused."

"If the parameter is not well-secured, besides the legitimate request
from the database -- which is related to that parameter -- other
applications data can insert," he says. "The vulnerable parameter allows
full access to databases on [the] server."

[...]