Healthcare.gov Autofilling Search Box With SQL Injections

|

healthcare_gov

Written by: C. Anthony Esposito II

Yet another concern arises for the embattled Healthcare.gov site. Many of you already know of Healthcare.gov and the issues they are now attempting to overcome. These however do not appear to be the only issues affecting the site. A little less than two weeks ago it was discovered that there was a DDos (Denial of Service) attack that had been launched against the site and widely reported. More info on that can be found here (http://www.arbornetworks.com/asert/2013/11/healthcare-gov-dos-tool/ )  Now it appears the site is being plagued with even more issues. A simple visit to the site and the search box shows and auto-completes a list of SQL injections.

HOW TO: Change system date in OS X ...
HOW TO: Change system date in OS X from Terminal

A SQL injection is a technique in which an entry field is used to take advantage of non-valid input vulnerabilities with malicious SQL statements. These vulnerabilities pass the SQL commands through the Web application for execution on the back-end database. The malicious SQL statements then take advantage of those vulnerabilities and allow attackers to execute arbitrary SQL queries and commands.

While the SQL injections can cause serious issues, it would appear that these auto filled commands in the search box on Healthcare.gov do not function and they are little more then an eye soar to those who use the site. What it does do however is bring up serious concerns as to the safety and future of the site. All we can do now is hope that they can get the site fixed and secured properly.

Last Updated on January 23, 2017.

Previous

Watch The Live Interview With Al Lowe And Paul Trowe Of Replay Games

Valve Has Imagined Steam In The Virtual Reality World, So You Didn’t Have To

Next

Latest Articles

Share via
Copy link
Powered by Social Snap