Romanian hackers continue to have a field day with SQL injection flaws in
major Website applications: A vulnerability in a U.S. Army Website that leaves
the database wide open to an attacker has now been exposed.
"TinKode," a Romanian hacker who previously found holes in NASA’s Website,
has posted a proof-of-concept on his findings on a SQL injection vulnerability
in an Army Website that handles military housing, Army Housing OneStop. TinKode
found a hole that leaves the site, which has since been taken offline,
vulnerable to a vulnerable to a SQL injection attack. "With this vulnerability I
can see/extract all things from databases," he blogged.