American Express Fixes SQL Injection Vulnerability In Its Website

Kontik

Kontik

DEER
Messages
140
Reaction score
27
Points
28
American Express Fixes SQL Injection Vulnerability In Its Website

The well known credit card company American Express has fixed an SQL injection security vulnerability on its web site that allowed direct access to the server’s database. Originally found by student Nils Kenneweg, American Express move quickly to plug the hole and issued a statement saying that the vulnerability was never exploited and that its customer data has remained intact.

Nils discovered the vulnerability when he notice that the website did not validate data passed to a search function. Crafting special search queries then gave access to the database. Nils reported the vulnerability to the German security website Heise Security who in turn told its English equivalent The H Security, as well as informing American Express.

There is some doubt about American Express’ auditing of this problem as with direct access to the database, it couldn be possible to access to the data without leaving traces.
 
You must log in or register to reply here.

Similar threads

chushpan
💸 Elastic has released security updates to address a critical vulnerability in its Kibana data visualization software
Replies
0
Views
116
chushpan
chushpan
chushpan
🤖 Ballista Botnet Exploits Unpatched TP-Link Vulnerability to Infect Over 6,000 Devices
Replies
0
Views
166
chushpan
chushpan
Man
Critical vulnerabilities in Fortinet and Ivanti compromise U.S. security
Replies
0
Views
144
Man
Man
Man
Google Big Sleep: AI surpasses humans in finding vulnerabilities for the first time
Replies
0
Views
151
Man
Man
Friend
FlyCASS: easy bypass of airport controls has become a reality
Replies
0
Views
142
Friend
Friend
Back
Top