.

SQL Injection in BT.com (British Telecommunications)



“BT is one of the world’s leading providers of communications solutions and services operating in 170 countries. Its principal activities include networked IT services, local, national and international telecommunications services, and higher-value broadband and internet products and services. BT consists principally of four lines of business: BT Global Services, Openreach, BT Retail and BT Wholesale.”

“The most complete UK broadband, phone lines and mobile products, digital TV, web hosting, online security and networked IT services for home”

The description says it all. One of the giants in IT, mobile, TV and internet services. A Giant Company with a huge database. You don’t need to be an internet whiz, not even a computer literate to understand the tremendous implications that result from such a database beeing vulnerable.

A faulty parameter, improperly sanitized opens the vault to the pretious databases. One can gain access to such ordinary things as personal data, login data, and the like. In the first syntax I concatenated the table names as well as the version and the user of the database.



Lets see some of the user login data for different data bases (among which, of course, the admins of the respective sections).



As well as the login data and personal data (email, active, lastloggedin, firstname, surname, address, town, postcode, level, randomkey, password) for some of the registered users.

 

0 comments so far.

Something to say?