Hacker Finds SQL Injection Vulnerability in Army Website
A Romanian hacker has disclosed an SQL injection vulnerability on a US Army website that could lead to a full database compromise. According to a report from Softpedia, a website used to provide information about military housing facilities to soldiers, called Army Housing OneStop, was found to be storing passwords in plain text — a major security oversight. A compromised AHOS website could provide an intruder access to some 76 databases on the server, some containing confidential information on worldwide Army installations. The AHOS has since been taken offline. Information Week reported in May 2009 that a Turkish hacker infiltrated two sensitive US Army servers. One was located at the McAlester Ammunition Plant in McAlester, Oklahoma, and the other in Winchester, Virginia at the US Army Corps of Engineers’ Transatlantic Center.