The European Space Agency (ESA) is an intergovernmental organisation dedicated to the exploration of space. A hacker going by the name "SlixMe" found and exploited an SQL injection vulnerability on a subdomain of its website.

The hacker uploaded a dump to his website, in which he discloses the SQLi-vulnerable link and the database tables. The hacker also mentions that 5 other domains are hosted on the same server and could be exploited if he succeeds in exploiting one site completely.

Exploited domain: https://television.esa.int/


The method is described as "PostgreSQL AND error-based - WHERE or HAVING clause". The injection payload is also published in the disclosure.

The site is vulnerable at the time of publishing this article.
