An old VARA website contained a SQL injection vulnerability through which access to the database could be obtained. Among other things, 19,000 e-mail and IP addresses could be read out. The website is now offline.
The website of Mooi weer de Leeuw, a Dutch television program that went off the air in 2009, contained a vulnerability. Until Friday afternoon, SQL queries could be executed on the website by manipulating a variable, the discoverer, a hacker who calls himself Xcrypt0, told Tweakers.net.
In the case of the VARA website, SQL injection allowed the website's entire database to be read. Among other things, 19,000 e-mail and IP addresses that were stored in a guestbook table could be read from the database. Erik Leenders, webmaster at VARA, confirms that the website was vulnerable and considers the fact that personal data could be read ‘evil’. “This site had a pretty old content management system,” says Leenders. According to him, the CMS is not used for other VARA sites; TYPO3 is now used for those.
According to Xcrypt0, it was possible to modify database records, although he says he did not do so himself. According to him, the VARA did not respond to his e-mails, in which he warned of the leak. He then e-mailed Tweakers.net about the leak. After Tweakers.net contacted the VARA, the site was offline within three quarters of an hour. The website is no longer online, says Leenders.