Fri 28 Aug 2009
Looks like Yahoo! Local was vulnerable to SQL injection. It turns out that Yahoo! Local was using MySQL 5 and was not securely configured (allowing load_file).
Again, this proves that it’s enough to have a single SQL injection vulnerability to open the gate for a complete takeover.
Following the resent news that the Heartland breach initially started from a simple SQL injection attack this just proves that SQL injection is still alive and kicking.
I wonder if Yahoo! Local was developed using good development practices like using bind-variables, sanitizing input and output, never displaying errors on screen and so on. Looks like the site was developed in PHP. Come on guys, look at the prepare and bind methods here. It’s easy enough.
Notice the URL in the images – amazing how easy this is!