SQL Injection vulnerability in U.S Department of Defense

The hacker known as 'Zer0Pwn' claimed that he discovered an SQL injection vulnerability in the U.S. Department of Defense (dod.mil).

The vulnerability resides in the external login page of the subdomain 'jieddo.dod.mil'. The hacker specified the SQLi vulnerability type as POST MSSQL injection.

In order to exploit the vulnerability, you must put an email before any of your queries, or else it won't work. For example: asd@asd.com' or 1=convert(int, @@version)--
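The flaw class described above, shown beside its fix, as an added example that is not code from the affected site or from the release. It assumes the email requirement comes from a format check that only tests the start of the field (the post does not say why the email is needed); SQLite stands in for MSSQL, and the table, account and function names are constructed for illustration.

```python
import hashlib
import re
import sqlite3

# Constructed sample data; SQLite stands in for the MSSQL back end.
PAYLOAD = "asd@asd.com' or 1=convert(int, @@version)--"  # string quoted in the post
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def hash_pw(password):
    # Placeholder hashing to keep the example short; use a password KDF in practice.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice@example.org", hash_pw("s3cret")))
    return db

def login_vulnerable(db, email, password):
    # Assumed flaw: only the start of the field is checked, then it is concatenated.
    if not EMAIL_RE.match(email):
        return False
    sql = ("SELECT 1 FROM users WHERE email = '" + email +
           "' AND pw_hash = '" + hash_pw(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db, email, password):
    # Whole-string validation, then bound parameters: input is never parsed as SQL.
    if not EMAIL_RE.fullmatch(email):
        return False
    row = db.execute("SELECT 1 FROM users WHERE email = ? AND pw_hash = ?",
                     (email, hash_pw(password))).fetchone()
    return row is not None

def reaches_sql_parser(login, db, email):
    # True when the input altered the statement enough for the engine to reject it.
    try:
        login(db, email, "x")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", reaches_sql_parser(login_vulnerable, db, PAYLOAD))
    print("hardened:  ", reaches_sql_parser(login_hardened, db, PAYLOAD))
```

In the concatenated version the quoted string reaches the SQL parser and the engine raises an error, which is the signal an error-based injection relies on; in the hardened version it is rejected as a malformed address and would in any case be bound as data.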

"I have quite an interesting vulnerability to share. I have tested it, and it does work. So instead of exploiting it, I thought I'd let you guys have some fun messing around with it," the hacker said in the release.


"I have left @TheWikiBoat. We had some personal issues going on between us, and I eventually decided it would be best for me and for the group that I leave. So now I'm flying solo again."