University of Washington’s database was leaked

University of Washington has been hacked once again and their database was leaked. This time they were hacked by N0B0DY and N0LIFE. You can see the information they published on pastebin. You can see the users and WordPress users with their (encrypted) passwords and emails. Once again, hackers used SQL injection to gain access to university’s database. There are more than one vulnerable links that hackers can use to gain access to their database. It is very easy to prevent such attacks and there are more than one ways to do it. If you are too lazy to change your code at least validate the input values. The best way to do this is by using stored procedures and pass the values as parameters instead of building the command string to be executed. It is the most common vulnerability, we have seen hundreds hacks exploding SQL injection and yet there are many websites still vulnerable and just waiting to be hacked.