MySQL.com compromised through SQL injection

    The MySQL DBMS offsite was hacked yesterday by two attackers through a trivial SQL injection. A hacking report was published on the link and some parts of the internal structure of the database, password dumps, etc. were posted. Worst of all, user passwords have already been developed , including the password for the director of development of MySQL products (only four characters), the passwords of numerous admins on the forum, etc. So if you have an account on MySQL.com, it is recommended to urgently change the registration data. By the way, the same two attackers simultaneously hacked Sun.com in the same way .

    Vulnerable Target : mysql.com/customers/view/index.html?id=1170
    Host IP : 213.136.52.29
    Web Server : Apache/2.2.15 (Fedora)
    Powered-by : PHP/5.2.13
    Injection Type : MySQL Blind
    Current DB : web





    Also popular now: