Latest Notification in The Hacker News Vault by a Hacker named "Xenu (Casi)" from r00tw0rm Team that There are 63 Blind SQL injection Vulnerabilities exist on United Nation's Website (www.un.org). Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements.
Information purported to be stolen from the organization was posted on the site Pastebin on Thursday morning. Martin Nesirky, a spokesperson for the Secretary General of the United Nations, confirmed the breach."A case of unauthorized access to the UN website is still being investigated," Nesirky said in a statement. "Whoever sought access was able to read some data from databases but was not able to modify content and was not able to prevent public access to the website."