Author Topic: MySQL.com hacked via... SQL injection vuln  (Read 3724 times)

0 Members and 1 Guest are viewing this topic.

Offline Satan911

  • VIP
  • Knight
  • *
  • Posts: 289
  • Cookies: 25
  • Retired god/admin
    • View Profile
MySQL.com hacked via... SQL injection vuln
« on: March 28, 2011, 08:48:57 pm »
MySQL.com was hacked over the weekend via an attack which used a blind SQL injection exploit to pull off the pawnage.
Hackers extracted usernames and password hashes from the site, which were subsequently posted to pastebin.com. Any easy to guess login credentials could be easily extracted from this data using rainbow tables to match dictionary passwords to their hash values.

[...]

Article: http://www.theregister.co.uk/2011/03/28/mysql_hack/
Satan911
Evilzone Network Administrator

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
Re: MySQL.com hacked via... SQL injection vuln
« Reply #1 on: March 28, 2011, 09:11:32 pm »
Almost 1 april right?
~Factionwars

Offline Satan911

  • VIP
  • Knight
  • *
  • Posts: 289
  • Cookies: 25
  • Retired god/admin
    • View Profile
Re: MySQL.com hacked via... SQL injection vuln
« Reply #2 on: March 28, 2011, 09:58:27 pm »
I've seen the database tables / columns.. Will try to find it. (it was in another article)

Edit: Here's a bit more detail: http://www.hackerregiment.com/mysql-com-vulnerable-to-blind-sql-injection.html
« Last Edit: March 28, 2011, 09:59:21 pm by Satan911 »
Satan911
Evilzone Network Administrator

Offline Zesh

  • Royal Highness
  • ****
  • Posts: 699
  • Cookies: 42
    • View Profile
Re: MySQL.com hacked via... SQL injection vuln
« Reply #3 on: March 28, 2011, 10:08:21 pm »
MySQL.com was done over by a SQL injection, LOL :P

Offline IFailStuff

  • VIP
  • Knight
  • *
  • Posts: 338
  • Cookies: 25
  • Certified fuckup
    • View Profile
Re: MySQL.com hacked via... SQL injection vuln
« Reply #4 on: March 28, 2011, 11:26:59 pm »
Maybe it's a fake database that they set up for 1st april? :P

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
Re: MySQL.com hacked via... SQL injection vuln
« Reply #5 on: March 28, 2011, 11:39:12 pm »
Maybe it's a fake database that they set up for 1st april? :P
Very good possibility, as its just to funny to be real:P.
 
~Factionwars

Offline Satan911

  • VIP
  • Knight
  • *
  • Posts: 289
  • Cookies: 25
  • Retired god/admin
    • View Profile
Re: MySQL.com hacked via... SQL injection vuln
« Reply #6 on: March 28, 2011, 11:57:48 pm »
I don't know it seems like a bit risky and it's not even April 1st.
Satan911
Evilzone Network Administrator

Offline I_Learning_I

  • Knight
  • **
  • Posts: 267
  • Cookies: 26
  • Nor black or white, not even grey. What hat am I?
    • View Profile
    • Hacking F0r Fr33
Re: MySQL.com hacked via... SQL injection vuln
« Reply #7 on: March 29, 2011, 01:27:16 am »
Has MySQL answered to that? Figures it something like that happened it would be all over the internet in every forums and so.
Thanks for reading,
I_Learning_I

Offline Clowner

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: MySQL.com hacked via... SQL injection vuln
« Reply #8 on: March 29, 2011, 10:40:50 am »
lol!

Offline Pillus

  • Serf
  • *
  • Posts: 21
  • Cookies: 2
  • RTFM
    • View Profile
    • ChaseNET
Re: MySQL.com hacked via... SQL injection vuln
« Reply #9 on: March 29, 2011, 10:55:33 am »
Oh i smell thy irony! >_<