RIAA webserver compromised

The following url was found on a popular aggregation site


broken down into component pieces the actual sql commands are easier to read:


We can see that the url parameters contain a mysql command to benchmark 10M md5 operations on the string ‘asdf’. The very clear and simple vector allowed some others to achieve content insertion and even possibly deletion. What is worse is that a malicious person could have easily planted an iframe in the content to infect every visitor of the RIAA website. They are clearly not conducting code reviews on the RIAA website since this type of SQL injection attack would be noticed by even the most novice of auditors. The Content Management System (CMS) used was known to be vulnerable so there were likely patches available.

Post a Comment

You must be logged in to post a comment.