Wednesday, 13 June 2012

University of Alaska Fixes SQL Injection Flaw on Its Website


The University of Alaska has addressed a serious SQL injection vulnerability that affected one of its website’s subdomains after being notified by Gambit, a security enthusiast and hacker who until recently has focused his efforts mainly on finding cross-site scripting flaws.

“Well here is something outside of what I normally do, an SQL-Injection. I actually found it a few months ago and did nothing with it. Found it to still be vulnerable and got 7 of the 300+ tables and got the columns to the "admin_menu" table and sent the info off to the guy who manages the site,” he explained.

“Took a week for him to reply but he fixed the issue,” he added.

We applaud the University of Alaska’s webmasters for knowing how to properly collaborate with security researchers. Others should follow their example to avoid waking up one day with the details of tens of thousands of students stolen by ill-intentioned hackers.

Via: University of Alaska Fixes SQL Injection Flaw on Its Website
