
Hacking the NHS for Fun and No Profit - sintheticlabs
https://medium.com/@nmalcolm/hacking-the-nhs-for-fun-and-no-profit-90931029dcb4
======
Brybry
This seems really brave (and stupid) to do. Especially when he went past the
step of scanning for the SQL injection to actually using the SQL injection to
grab admin user credentials and login to the application.

I feel like if one were to do this in the US, without permission, that they'd
be running a high risk of ending up in jail.

That said, it's scary to see that common 90s and 2000 era security issues are
still so common.

