How Jamie Oliver's Website Was Hacked

Three days ago, we reported that Jamie Oliver's website had been hacked again and was dropping digitally signed malware. While discussing upcoming projects, we asked security researcher Aria Akhavan to explain the hack of Oliver's website -- how the hackers gained access to it.

He did some quick research on Oliver's website and found several security holes that allow attackers to inject malicious code into the website. He found several blind SQL injection vulnerabilities that allowed him to retrieve admin account details from Oliver's website.

Akhavan said, "Exploiting those security issues would be easy by simply sending SQL statements over several vulnerable parameters on the website. Since the statements are not filtered, they get executed and give out sensitive information about everything on the server."

"An attacker with MySQL file privileges can easily spawn a shell using SQL injections. It's a shame that such vulnerabilities still exist," he added.

