Multiple SQL Injection Vulnerabilities on CNN website Exposed
The Hacker News
Yes ! CNN is also not Secure site, There are Multiple SQL Injection Vulnerabilities on CNN News site exposed by Hacker named "Sec Indi".


CNN.com is among the world's leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN's world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN's global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.


SQL Injection Vulnerable Links :
1.) https://cgi.money.cnn.com/tools/collegecost/collegecost.jsp?college_id='7966


2.) https://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?id=11439'


Screenshots Submitted By Hacker :
The Hacker News

The Hacker News
SQL Injection Vulnerability was the Reason for biggest data breaches of 2011 ,like various SONY hacks. Hacker said that he inform the CNN admin 2-3 times, but site is still Vulnerable. I think now CNN should take this small bugs Seriously.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.