The researchers reported the issue to the vendors they found vulnerable but also contributed their technique to SQLMap, an open-source penetration testing tool that automates SQL injection attacks.

In addition to the MS Exchange flaws, the Checkmarks attack platform also features a SQL injection module using SQLMap to scan for potentially exploitable flaws on a target's website.

Researchers say a bug let them add fake pilots to rosters used for TSA checks TSA security could be easily bypassed by using a simple SQL injection technique, say security researchers.