[WASC-WHID] WHID 2011-57: MySQL.com hacked via... SQL injection vuln

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:11:28 EDT 2011


*Entry Title: *WHID 2011-57: MySQL.com hacked via... SQL injection vuln
*WHID ID: *2011-57
*Date Occurred: *March 28, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Technology
*Attacked Entity Geography: *USA
*Incident Description: *MySQL.com was hacked over the weekend via an attack
which used a blind SQL injection exploit to pull off the pawnage.
Hackers extracted usernames and password hashes from the site, which were
subsequently posted to pastebin.com.
*Mass Attack: *No
*Reference: *http://www.theregister.co.uk/2011/03/28/mysql_hack/
*Attack Source Geography: *Romainia
*Items Leaked: *usernames, passwords
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/cb2575a6/attachment-0003.html>


More information about the wasc-whid mailing list