WHID 2008-04: RIAA web site cleared

The web site of RIAA, the Recording Industry Association of America was attacked twice using SQL injection over the weekend. First a query that takes particularly long time was posted on a social network web site causing a distributed denial of service attack against the site. Later on hackers found and abused additional SQL injection and XSS vulnerabilities resulting in major defacement of the site.

Additional information:

• RIAA wiped off the net [The Register, Jan 21 2008]
• This link runs a slooow SQL query on the RIAA's server. Don't click it; that would be wrong [Reddit, Jan 20 2008]
• RIAA Website Wiped Clean by "Hackers" [Torrent Freak, Jan 20 2008]