#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Flickr | Breaking Cybersecurity News | The Hacker News

Category — Flickr
Flickr Cross-Site Request Forgery Vulnerability Patched

Flickr Cross-Site Request Forgery Vulnerability Patched

Aug 06, 2014
Yahoo-owned Flickr, one of the biggest online photo management and sharing website in the world was recently impacted by a web application vulnerability , which could allow an attacker to modify users' profile image. Flickr is one of the most popular photo sharing website with more than 87 million users, therefore some top major target for cybercriminals. The site was vulnerable to the most common vulnerability known as Cross-Site Request Forgery (XSRF or CSRF), which is very easy to exploit by attackers. Cross-Site Request Forgery is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user. All the attacker need to do is get the target browser to make a request to your website on their behalf. If they can either: Convince your users to click on a HTML page they've constructed Insert arbitrary HTML in a target website that your users visit Not too difficult, is it? Abdullah Hussam , a 17 years old programmer from Iraq found that just
Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

Apr 14, 2014
Yahoo-owned Flickr , one of the biggest online photo management and sharing website in the world was recently impacted by critical web application vulnerabilities, which left website's database and server vulnerable hackers. Ibrahim Raafat , a security researcher from Egypt has found SQL injection vulnerabilities on  Flickr Photo Books , new feature for printing custom photo books through Flickr that was launched 5 months ago. He claimed to have found two parameters ( page_id , items ) vulnerable to Blind SQL injection and one  (i.e. order_id ) Direct SQL Injection that allowed him to query the Flickr database for its content by the injection of a SQL SELECT statements. A Successful SQL exploitation could allow an attacker to steal the Database and MYSQL administrator password. Furthermore, Flickr's SQL injection flaws also facilitate the attacker to exploit remote code execution on the server and using  load_file("/etc/passwd")   function he was successfu
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Expert Insights / Articles Videos
Cybersecurity Resources