Wednesday 1 April 2015

Oracle Security At Risk: Pwn3d By a White Hat Hacker

Oracle Security at Risk: Pwn3d By a White Hat Hacker!

Usually, Big Companies are in a Top-Level in terms of Cyber Security! Unfortunately is not the case of ORACLE, the notorious software-house of Java.

An Information Security Researcher, Christian Galeone - Italy, demonstrated how a Single BIG Security Vulnerability. May represent a Severe Threat to Big Companies and even to their Employees!.

What he has found was a Path Traversal / LFI - Local File Inclusion Vulnerability into Java JDK7 Website!.

After his Exploitation, he noticed that Important Sensible Server-Side Data(s) were contained in it.

The Vulnerability nor only allowed him to display the Web Server Credentials including the R00T Access but into his Vulnerable Source Code they have (wrongly) disclosed more than 460+ Private Email Addresses of their Employees! - is a BIG Issue if you're worried about BlackHat Hackers ;-)

After his finding, he Fastly reported it to their Security Team which fixed it in 1 Single Day and decided to Acknowledge Christian for his Ethical Behaviour by adding him into their Next CPU (Critical Patch Update) for the next roll of 14 April 2015!.

"Security? Just an Illusion" By HackersOnlineClub Team ;-)


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer