Saturday, November 24, 2007

Bakaláři SQL vulnerability

A few weeks ago (precisely Nov 7 2007) I found a way to break into the database of the Czech high school system Bakaláři. I used probably the best-known method, called SQL injection. After a little under an hour (got up about 9:30, sent an email to the school at 10:08) I got the magic formula to execute SQL queries:
fuj order by cas desc'; select 1; -- '

OK, so I informed the school, which I had attended for 6 years in the past, about the security hole. But then I realized that it's not school-specific: I found many schools which use the same system, so I didn't hesitate to drop a message to the bakalari.cz people. Their reaction was fast and they fixed the problem the next morning, with a promise that they would post updates to all high schools. Nice.

Not that much, because this hasn't happened so far; you can still find many schools which are still vulnerable to this attack. This pisses me off a little bit; I only hope they weren't involved in any grant for this sloppy work.

EDIT (Dec 8): finally, either they seem to be distributing the upgrade or the school admins are updating the software.