You know what?!
(Source: The Hacker News)
OK, I see that CNN was apparently hacked.. but I neither know what the page originally looked like, nor, um, whatever. Um, but since this thing looks kind of interesting, I posted it here to have a look at.
http://cgi.money.cnn.com/tools/collegecost/collegecost.jsp?college_id=%277966
Or rather, can someone tell me what this is?
What will college run you?
Find the annual costs of any four-year college or university in the United States.
ERROR!
SELECT G.NAME, G.STATE_CODE, G.CITY, E.TUIT_OVERALL_FT_D, E.TUIT_AREA_FT_D, E.TUIT_STATE_FT_D, E.TUIT_NRES_FT_D, E.FEES_FT_D, E.RM_BD_D, E.RM_ONLY_D FROM COLLEGE_EXPENSES E, COLLEGE_GENERAL G WHERE G.INUN_ID = '7966 AND G.INUN_ID = E.INUN_ID (+) ORDER BY E.ACAD_YR DESC
java.sql.SQLException: ORA-01756: quoted string not properly terminated
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:169)
at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
at oracle.jdbc.ttc7.Oall7.receive(Oall7.java:543)
at oracle.jdbc.ttc7.TTC7Protocol.doOall7(TTC7Protocol.java:1405)
at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteDescribe(TTC7Protocol.java:643)
at oracle.jdbc.driver.OracleStatement.doExecuteQuery(OracleStatement.java:1819)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:2015)
at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:571)
at _jsps._collegecost._collegecost_jsp._jspService(_collegecost_jsp.java:207)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)
College Data Source: PETERSON'S, A Nelnet Company
2010
The Hacker News
http://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?id=11439%27
FORTUNE 500 Fortune 1000 Compare Tool
Our annual ranking of America's largest corporations
Revenues, Profits
Profits as % of...
EPS, Total return, Employees
ERROR!
select * from ( select RANK, COMPANY_ID, NAME, REVENUE, REVENUE_GROWTH, PROFIT, PROFIT_GROWTH, PROF_PCT_REVENUE, PROF_PCT_ASSETS, PROF_PCT_EQUITY, EPS_10YR_GROWTH, TRI_10YR, TRI, EMPLOYEES, EMPLOYEE_GROWTH from TIME_OWNER.F500_2009 where COMPANY_ID IN(11439') order by rank asc) union all select * from ( select RANK, COMPANY_ID, NAME, REVENUE, REVENUE_GROWTH, PROFIT, PROFIT_GROWTH, PROF_PCT_REVENUE, PROF_PCT_ASSETS, PROF_PCT_EQUITY, EPS_10YR_GROWTH, TRI_10YR, TRI, EMPLOYEES, EMPLOYEE_GROWTH from TIME_OWNER.F500_2009 where RANK <= 10 order by rank asc)
java.sql.SQLException: ORA-01756: quoted string not properly terminated
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:169)
at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
at oracle.jdbc.ttc7.Oall7.receive(Oall7.java:543)
at oracle.jdbc.ttc7.TTC7Protocol.doOall7(TTC7Protocol.java:1405)
at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteDescribe(TTC7Protocol.java:643)
at oracle.jdbc.driver.OracleStatement.doExecuteQuery(OracleStatement.java:1819)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:2015)
at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:571)
at _jsps._fortune._compare_2009_jsp._jspService(_compare_2009_jsp.java:509)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)
[url=http://www.thehackernews.com/2011/06/multiple-sql-injection-vulnerabilities.html]The Hacker News[/url] wrote:
- SQL injection vulnerabilities were the reason for the biggest data breaches of 2011, like the various SONY hacks. The hacker said that he informed the CNN admin 2-3 times, but the site is still vulnerable. I think CNN should now take these small bugs seriously.
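What the two error pages above show, as an added example that is not part of the original post and not CNN's code: the request parameter is pasted into the SQL text, and the statement plus the driver error are echoed back to the visitor. The sketch uses SQLite in place of Oracle; the table contents and the function names are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for the COLLEGE_GENERAL table named in the error page
# (SQLite instead of Oracle; the single row is sample data).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE COLLEGE_GENERAL (INUN_ID INTEGER, NAME TEXT)")
    db.execute("INSERT INTO COLLEGE_GENERAL VALUES (7966, 'Sample College')")
    return db

def lookup_concatenated(db, college_id):
    """Pattern visible in the error page: the parameter becomes part of the
    SQL text, and the statement and driver error are shown to the visitor."""
    sql = "SELECT NAME FROM COLLEGE_GENERAL WHERE INUN_ID = " + college_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Information disclosure: query text and database error leave the server.
        return "ERROR! " + sql + " " + str(exc)

def lookup_bound(db, college_ids):
    """Hardened form: validate, bind every value, never echo SQL or errors.
    Takes a list so it also covers the IN (...) shape of the second page."""
    if not college_ids or not all(i.isascii() and i.isdigit() for i in college_ids):
        return []  # anything that is not a plain numeric id is rejected
    ids = [int(i) for i in college_ids]
    marks = ",".join("?" * len(ids))  # one placeholder per bound value
    sql = "SELECT NAME FROM COLLEGE_GENERAL WHERE INUN_ID IN (" + marks + ")"
    try:
        return db.execute(sql, ids).fetchall()
    except sqlite3.Error:
        # A real application logs this server-side; the visitor gets no detail.
        return []

if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, "'7966"))  # leaks the statement and the error
    print(lookup_bound(db, ["'7966"]))       # rejected, nothing disclosed
    print(lookup_bound(db, ["7966"]))        # normal lookup still works
```

In the JSP setting of the stack traces the equivalent of the bound form is a JDBC `PreparedStatement` with `?` placeholders, together with a generic error page instead of the printed exception.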