|
|
|
|
|
|
by mike-cardwell
5004 days ago
|
|
|
I looked at the Nottingham University leak on Tuesday. The leak actually just contained the database schema and not the contents of the database. But it also contained the URL which could be abused to do an SQL injection. I tried adding an apostrophe to one of the parameters in the URL and an SQL error was returned. That page appears to be down now. One of the tables looked like this: | courseCode | varchar(25) |
| dob | date |
| email_address | varchar(50) |
| first_name | varchar(25) |
| ID | int(11) |
| last_name | varchar(25) |
| lastupdated | date |
| orgnameID | int(11) |
| orgnameother | varchar(50) |
| student_id | varchar(25) |
Probably not massively useful data. Unless you want to perform a spear phishing attack, pretending that you're the University. Then it would be very useful.EDIT: This was the Student Union database. I'm not sure how many students it would contain. Maybe a small number? Maybe all of them? |
|
|