[WASC-WHID] WHID 2011-57: MySQL.com hacked via... SQL injection vuln
WASC Web Hacking Incidents Database
wasc-whid at lists.webappsec.org
Mon Apr 25 09:11:28 EDT 2011
*Entry Title: *WHID 2011-57: MySQL.com hacked via... SQL injection vuln
*WHID ID: *2011-57
*Date Occurred: *March 28, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Technology
*Attacked Entity Geography: *USA
*Incident Description: *MySQL.com was hacked over the weekend via an attack
which used a blind SQL injection exploit to pull off the pawnage.
Hackers extracted usernames and password hashes from the site, which were
subsequently posted to pastebin.com.
*Mass Attack: *No
*Attack Source Geography: *Romainia
*Items Leaked: *usernames, passwords
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the wasc-whid