Thursday, March 31, 2011


Blind MySQL Faster Bit Shifting Using Injection SQL Injection Attack



This news came out yesterday in "Una al día" and really made me laugh xD, so I am reposting it here.
 




MySQL website attacked through a SQL injection


The MySQL website has been attacked through a blind SQL injection vulnerability. This is a bug in the web application code, not in the database itself.

MySQL is a popular open source database. It has been owned by Oracle since the acquisition of Sun, its former owner.


The attack is attributed to TinKode and Ne0h of the Romanian group Slacker.Ro. The extracted data has been published on pastebin.com, which is usual for this type of exploit.

In addition to the main site, the attackers also carried out the attack against the localized versions of MySQL.com, specifically the French, German, Italian and Japanese versions.

The published data consists of the credentials of the MySQL server users and a dump of the site's database. The credentials include usernames, hashed passwords, emails and addresses.

Some of the hashes have also been published in the clear, because the passwords were so simple that it probably took the attackers little time to find them using brute force with rainbow tables. Surprisingly (or not), there are passwords as weak as a simple 4-digit number for the administrator account.

It so happens that the MySQL site also had an active cross-site scripting vulnerability. This vulnerability was made public via Twitter last January and has still not been fixed.

Source:
http://www.hispasec.com/unaaldia/4538

The data uploaded to pastebin that is mentioned above can be found here:
http://pastebin.com/BayvYdcP

Regards ... see you soon.
