WHID 2005-21: Insufficient authentication on USC admissions site allowed access to applicants data

A person who discovered an SQL injection vulnerability in a USC system and informed security focus about the flaw was criminally charged with breaking into the system.

Additional information:

Man charged with accessing USC student data [Security Focus, Apr 20 2006]
Flawed USC admissions site allowed access to applicant data [Security Focus, Jul 5 2005]

Attack Method:

Insufficient Authorization

OS Commanding

SQL Injection

Incident Outcome:

Disclosure Only

Add new comment

WHID 2005-21: Insufficient authentication on USC admissions site allowed access to applicants data

Science or Religion?

Further Research

Presentations

You are here

WHID 2005-21: Insufficient authentication on USC admissions site allowed access to applicants data

Science or Religion?

Further Research

Presentations