A hacker with the online handle “hack_addict” informed me exclusively by e-mail. According to him, there is an SQL injection flaw in the website of the Massachusetts Institute of Technology (MIT) as well as in state.gov websites.

The state.gov websites include the Mississippi State Oil and Gas Board, Maryland State Department of Education, Texas Military Forces, Center of Higher Learning – State of Mississippi, and Vermont Legislature – State of Vermont.

MIT has two affected subdomains, namely ceder.mit.edu and burgaz.mit.edu. According to the post published by “hack_addict”, the vulnerable parameter of the website is “ID.”

http://ceder.mit.edu/getpaper.php?id=295, http://burgaz.mit.edu/getpaper.php?id=267

The flaw causes the site to print the following MySQL error:

“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’295’ at line 1”

The hacker then leaked other private information about the website, such as web server, DB server, and current database details.

The same is true of the state.gov websites.

Check the complete details of the compromised websites here.
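
The MySQL error quoted above is what a query built by concatenating the id parameter produces when the driver's message is echoed back to the client. The following PHP is an added example, not code from the affected sites: it contrasts that pattern with a validated, parameterized lookup that returns a generic error. The `papers` table, the function names and the in-memory SQLite stand-in for MySQL are assumptions.

```php
<?php
// Added example: hypothetical getpaper.php-style lookup; table, column and
// function names are assumed. An in-memory SQLite database stands in for
// the MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE papers (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO papers (id, title) VALUES (295, 'Constructed sample paper')");

// Weak form: the parameter is concatenated into the statement and the
// driver's error text is returned to the client.
function getPaperUnsafe(PDO $db, string $rawId): array
{
    try {
        $row = $db->query('SELECT title FROM papers WHERE id = ' . $rawId)->fetch(PDO::FETCH_ASSOC);
        return $row ? [200, $row['title']] : [404, 'Not found'];
    } catch (PDOException $e) {
        return [500, $e->getMessage()]; // discloses database error details
    }
}

// Hardened form: strict integer validation, a bound parameter, and a
// generic error body; the detail goes to the server log only.
function getPaperSafe(PDO $db, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Invalid paper id'];
    }
    try {
        $stmt = $db->prepare('SELECT title FROM papers WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row ? [200, $row['title']] : [404, 'Not found'];
    } catch (PDOException $e) {
        error_log('getpaper lookup failed: ' . $e->getMessage());
        return [500, 'Internal error'];
    }
}

// Constructed inputs: a valid id, and the same id with a stray quote appended.
foreach (['295', "295'"] as $input) {
    [$uStatus, $uBody] = getPaperUnsafe($db, $input);
    [$sStatus, $sBody] = getPaperSafe($db, $input);
    printf("%-5s unsafe: %d %s | safe: %d %s\n", $input, $uStatus, $uBody, $sStatus, $sBody);
}
```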

