By Kelly Jackson Higgins
Sept 11, 2009
A Romanian hacker well-known for discovering SQL injection
vulnerabilities in high-profile Websites has struck again -- this time
on RBS WorldPay's site, where he says he hit the jackpot, the company's
The hacker, who goes by "Unu," says he accessed RBS WorldPay's database
via a SQL injection flaw in one of its Web applications. RBS WorldPay
maintains Unu accessed a test database that didn't carry any live data,
and that no merchant or cardholder data accounts were compromised. The
company has since taken down the pages.
Unu says the company's response to his email warning of the
vulnerability, as well as other security problems, was "unprofessional"
"If the parameter is not well-secured, besides the legitimate request
from the database -- which is related to that parameter -- other
applications data can insert," he says. "The vulnerable parameter allows
full access to databases on [the] server."
Please Donate to the Ron Santo Walk to
Cure Diabetes with Ethan's Crew!