Saturday, August 22, 2015

SQL Injection in DLSU's main website

De La Salle University is one of the Philippines' most prestigious universities and is included in the "Top 4 universities and colleges in the Philippines". However, their site has an SQL injection vulnerability. I have reported it to them over the past 2 years (since I was in 3rd year of high school) but got no reply.
There are many vulnerable parameters. Among them is this:

Notice the string %27 (a URL-encoded single quote), which indicates whether the parameter can be injected or not.


That's all

