The Hacker News Logo
Subscribe to Newsletter

Multiple SQL Injection Vulnerabilities on CNN website Exposed

Multiple SQL Injection Vulnerabilities on CNN website Exposed
Yes ! CNN is also not Secure site, There are Multiple SQL Injection Vulnerabilities on CNN News site exposed by Hacker named "Sec Indi".


CNN.com is among the world's leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN's world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN's global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.


SQL Injection Vulnerable Links :
1.) http://cgi.money.cnn.com/tools/collegecost/collegecost.jsp?college_id='7966


2.) http://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?id=11439'


Screenshots Submitted By Hacker :

SQL Injection Vulnerability was the Reason for biggest data breaches of 2011 ,like various SONY hacks. Hacker said that he inform the CNN admin 2-3 times, but site is still Vulnerable. I think now CNN should take this small bugs Seriously.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.