SQL injection insecurities: RIAA
As I was reading Digg early this morning, I stumbled upon this story that many SQL injection opportunities were uncovered by people hoping to defame the site. Through a simple query to drop entries or the tables themselves, the database was cleared of all custom data, leaving many of the pages on riaa.com devoid of any content. In addition, some variables in the php pages could be exploited to show custom content on the respective pages.