back to article Hacktivist vuln still plagues UN.org

The official website of the United Nations has yet to fix a vulnerability that more than two years ago allowed hacktivists to replace official content with their own activist messages. According to Errata Security CEO Rob Graham, the same SQL injection flaw that plagued the site in August of 2007 remains unfixed now. It's …

COMMENTS

This topic is closed for new posts.
  1. Carter Cole
    Pirate

    SQL Injection is easy to fix

    this is just dumb i cant believe they leave such stupid venerabilities open i hope this article pushes them to fix the issue for their sake and their users

  2. Herby

    Just put in a message about global warming

    and add that it is all bogus. Do it every day and it might make a point.

    Of course you could also add a message that there is $20 if you write to the Secretary General and include coupon code #64327.

  3. Anonymous Coward
    FAIL

    The UN to a tee

    Big, useless, expensive, can't even sort out it's own shit and yet it wants to make itself even bigger.

    Replace with "the government", "Gordon Brown", "Apple" etc as you wish but the UN is the worst of them all when it comes to screwing up and refusing to shoulder the blame.

  4. Anonymous Coward
    Alert

    Wow

    Jesus Christ... I could do this hack when I was 14 years old (white hat of course: I learned after 5 minutes of googling how to secure my site against it preemptively). Ridiculous.

  5. Jason Croghan
    FAIL

    Looks like someone deleted the entire database already...

    select * from sysobjects

    ...is returning nothing!

  6. I didn't do IT.
    Badgers

    Patch (finally) in progress?

    Clicking on the (provided) link:

    ADODB.Recordset.1 error '80004005'

    SQLState: 37000

    Native Error Code: 8180

    SQLState: 37000

    Native Error Code: 170

    [MERANT][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ''.

    [MERANT][ODBC SQL Server Driver][SQL Server]Statement(s) could not be prepared.

    /apps/news/infocus/sgspeeches/statments_full.asp, line 28

This topic is closed for new posts.

Other stories you might like