The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: SQL injection attack successfully used on MySQL.com


Administrator / Manager

Status: Offline
Posts: 2499
Date:
SQL injection attack successfully used on MySQL.com
Permalink   


MySQL.com, home of the popular database software used to power much of the web, was hacked by a SQL injection attack over the weekend. The hackers were able to use the exploit to extract usernames and password hashes from the site. Shortly after extracting the information they posted it on pastebin.com.

Hackers TinKode and Ne0h of Slacker.Ro out of Romania claimed responsibility for the hack when they posted it on pastebin.com. But a hacker by the name of Jackh4xor posted the same information on the Full Disclosure mailing list before TinKode or Ne0h posted it online. A similar attack to the one at MySQL was also attempted on Oracle's website, MySQLs parent company. No login credentials were able to be extracted during the hack on Oracle's website.

 After extracting the information from MySQL the hackers were able to decipher simple dictionary passwords with rainbow tables. It was found, according to The Register, that the director of product management for WordPress at MySQL had a simple four digit password for his account on the site.

MySQL should have been ready for this type of attack. TinKode and Ne0h claimed in a blog post that they had discovered and posted the vulnerability in multiple places including XSSed.com and the Insecurity.ro message boards back in January.

Neowin has the details HERE!




__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard