May 07, 2008
 How Low Can You Go?

If you are wondering about the answer to this question with regard to Web Application Security, you must read the following article in The Register and then get some further gory details and examples from The Daily WTF. In this story, the personal details of Oklahoma crime offenders were made public for at least three years. And I mean all the personal details: names, addresses, dates of birth, social security numbers, even medical records - the full monty.

The Oklahoma Department of Corrections website was vulnerable to SQL Injection not by mistake but by design, exposing information belonging not only to sex offenders (exposing the exposed) but also to other offenders. And because the SQL vulnerability was exposed through the state's Sexual and Violent Offender Registry, it actually allowed anonymous Web users to report the neighbor who moved the fence by 2 inches as a violent sex offender...

