29 March 2011
Facebook and Twitter Valuations May Show a New Tech Bubble
28 March 2011
[C#] Another proof of Hack from Comodo Hacker
A message from Comodo Hacker
27 March 2011
MySQL.com compromised | Sucuri
MySQL.com (the official site for the MySQL database) was compromised via (shocking!) blind SQL injection. A post was sent today to the full disclosure list explaining the issue and dumping part of their internal database structure.
Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web

So their customer view application was used as the entry point, where the attackers were able to list the internal databases, tables and password dump…
What is worse is that they also posted the password dump online and some people started to crack it already. Some of the findings are pretty bad, like that the password used by the MySQL director of product management is only 4 numbers (6661).
We will post more details as we learn more about it.
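The Sucuri post does not show the vulnerable code. As an added illustration (constructed here, not MySQL.com's code or data), a Python/sqlite3 stand-in for a customer-view lookup keyed on an `id` parameter: the string-concatenated query that produces the bug class, the parameterised and input-validated form that closes it, and a regression check for the yes/no oracle that makes such an injection "blind":

```python
import re
import sqlite3

# Constructed stand-in for the customer-view lookup (schema and rows are
# invented for this example; they are not MySQL.com's data).
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO customers VALUES (1170, 'Example Corp');
INSERT INTO customers VALUES (1171, 'Another Ltd');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def view_customer_unsafe(conn, id_param):
    # The bug class: the request parameter is pasted into the SQL text, so
    # anything after the number becomes part of the WHERE clause. The page
    # renders either a customer or nothing, so the only thing that leaks is
    # row-present versus row-absent, which is what makes the injection blind.
    sql = "SELECT name FROM customers WHERE id = " + id_param
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def view_customer_safe(conn, id_param):
    # Hardened form: accept only a plain decimal id, then bind it as a
    # parameter so the database never parses user input as SQL.
    if not re.fullmatch(r"[0-9]{1,10}", id_param):
        return None  # a real handler would answer HTTP 400 here
    row = conn.execute(
        "SELECT name FROM customers WHERE id = ?", (int(id_param),)
    ).fetchone()
    return row[0] if row else None


def leaks_boolean_oracle(view_fn, conn, known_id="1170"):
    # Regression check for the handler: if a true and a false condition
    # appended to a valid id produce different responses, the endpoint
    # exposes the yes/no oracle that blind SQL injection is built on.
    true_probe = view_fn(conn, known_id + " AND 1=1")
    false_probe = view_fn(conn, known_id + " AND 1=2")
    return true_probe != false_probe
```

The same check, run against a staging copy of a real handler, is a cheap test to keep in a web application's regression suite.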
Full Disclosure: MySQL.com Vulnerable To Blind SQL Injection Vulnerability
From: Jack haxor <jackh4xor () h4cky0u org>
Date: Sun, 27 Mar 2011 05:46:30 +0000
Full Disclosure mailing list archives
---------------------------------------------------------------------------------------
[+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
[+] Author: Jackh4xor @ w4ck1ng
[+] Site: http://www.jackh4xor.com
---------------------------------------------------------------------------------------
About MySQL.com :
--------------------------------------------------------------------------------------------------------------------
The Mysql website offers database software, services and support for your business, including the Enterprise server, the Network monitoring and advisory services and the production support. The wide range of products includes: Mysql clusters, embedded database, drivers for JDBC, ODBC and Net, visual database tools (query browser, migration toolkit) and last but not least the MaxDB, the open source database certified for SAP/R3. The Mysql services are also made available for you. Choose among the Mysql training for database solutions, Mysql certification for the Developers and DBAs, Mysql consulting and support. It makes no difference if you are new in the database technology or a skilled developer or DBA; Mysql proposes services of all sorts for their customers.
--------------------------------------------------------------------------------------------------------------------
Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web
11 March 2011
09 March 2011
Facebook Is AOLifying the Internet—and That Sucks
When an entire generation of computer users first poked our doe-eyed faces onto a young internet, many of us were greeted with a single, encompassing, monolithic face peering back: the AOL Home Screen. To call it a young internet isn't even fair—it was a mature, thriving AOL. It was ubiquitous, it was powerful, it was everything—and it ended up destroying itself, too flawed by design to last. And someone's trying to rebuild the Death Star.
How do we know nobody's learned shit since the days of the 56k Hindenburg? News like Warner Bros' decision to rent movies—starting with The Dark Knight—directly through Facebook. News like Rovio putting Angry Birds onto perhaps the only platform other than my dead grandfather's typewriter that doesn't yet support it—yup, Facebook. Which is just, really, wonderful! If there's one thing the internet is lacking right now, it's yet another fucking place to rent a movie for 48 hours for several bucks or play god damned Angry Birds. And it adds up—Facebook is reaching its tendrils into every single thing we like about the internet, far, far beyond the actual reasons we rolled up to Zuckerberg's site in the first place. IMing? Check. Email? Check. Photo sharing? Check. Apps? Check. Location check-ins? Yup. Twitter ripoff status updates? But of course! What Facebook hasn't stuffed into its maw by its own will, it's given developers plenty of incentive to do so themselves. The consequence? Over a decade after the web portal stopped making sense, Facebook is trying to assemble itself, like some ill-conceived Voltron, into the next.
After AOL began its decade-long implosion, gradually descending out of relevance, the real internet sprang up in the fertile mush that'd been left behind. AOL was hemorrhaging money like a hemophilic boxer, but the rest of us were having too much fun with the tools we'd been introduced to by this collapsing corpse to notice. IMing, emailing, video, websites, games—AOL didn't invent any of these things from thin air, but it brought them all together in one convenient (when you had a dial tone), hideously-90s Mecca. It was easy! It was slow! It was familiar and comforting—and stifling. AOL's vision of the online world was what AOL deemed worthy of its walled topiary garden. It was closed—locked up tight. Integrated tightly, but, in retrospect, really pretty mediocre.
Now, I hear you: Facebook is different from AOL in at least two major ways. We're not saying these two things are exactly the same. Facebook is social, and we believe in a social internet because you can't fake the kind of content and recommendations that come from your friends. That's the engine in Facebook's growth. And secondly, Facebook is far from being as closed as AOL was, since it's a platform other companies can use. AOL didn't have either of those. But Facebook's still mediocre! Even if they're outsourcing a lot of that mediocrity (Dark Knight movie rentals) while keeping some of it in house (All of Facebook's messaging and whatever clones of popular services they're currently building). Even if it's your friends who are spamming you with next generation super pokes.
It's also mediocre, because no company online can be good at everything and so it's always ugly when they try. Which is why the internet is great—we get to choose! Sites specialize! Want a trillion clips of obscura? YouTube! Want gorgeous music videos and mini-docs? Vimeo! Want to stream movies to every box and handset under the sun? Netflix is terrific!
But no. Facebook, realizing it has at least a few daily minutes of the attention of the most attention-impoverished step in our species' history, wants to be everything. It wants to be Netflix, it wants to be your Xbox, it wants to be Foursquare, it wants to be Gmail—Facebook wants to be the internet. Will you let it?
Illustration by Contributing Illustrator Sam Spratt. Become a fan of his Facebook Artist's Page and follow Sam on Twitter
08 March 2011
French Ministry hit by hacker attack, targeting secret G20 plans | Naked Security
The French Ministry of Finance has reportedly confirmed that it has become the victim of an internet attack, targeting documents related to the French presidency of the G20 and international economic affairs.
Paris Match magazine, which broke the story, claims that more than 150 computers at the ministry have been infiltrated by hackers since December, and numerous documents stolen.
Budget Minister Francois Baroin confirmed in a radio interview that an investigation was taking place into the attacks, claiming that it was "probably the first time" that the French government's computer systems had been hit on such a scale. He told Europe-1 that it was documents about the G20 that especially interested the hackers.
France holds the rotating leadership of the G20 this year and is hosting a series of meetings aimed at improving relations among the world's top economies, including the US and China.
France holds the presidency of the G20 this year, and is hosting meetings designed to improve relationships between the world's top economies. No doubt such hacking reports are sending a shiver down the spine of staff who work at the ministry building known to most people as Bercy.
According to the report, hackers were able to break into the Ministry's computers after emailing a malicious Trojan horse to users. Once the users were fooled into running the dangerous code, the hackers could access the computers remotely via a backdoor.
Inevitably the finger of suspicion is likely to point towards China for the hacking attack, but I think it's dangerous to conclude that a hack was state-endorsed unless there's definitive proof.
The truth is that proving the origin of a hack attack is complicated by the fact that cybercriminals can use compromised PCs owned by innocent people to act as a go-between when trying to break into someone's computer. In other words - yes, a Chinese computer might have tried to connect to yours, but it may be under the control of someone in, say, Great Britain.
We'd be naive to think that the Chinese (and just about every other country around the world) isn't using the internet for its political, commercial and military advantage, but we should be very cautious about making assumptions without having all the proof in front of us.
04 March 2011
Wordpress Denial of Service Attack Also Reveals New Economies of Scale Impacts - Haydn Shaughnessy - Re:thinking Innovation - Forbes
The lessons any business can learn: There is a new kind of scale out there. The historical mix of resources – capital, people, raw materials, knowledge – is giving way to platforms that introduce new economies of scale as well as new vulnerabilities. People continue to speculate about the source of the denial of service attack – an emerging view is that it is a pro-Government attack from a regime where protesters are using Wordpress to gather support and distribute information. The impact of new economies of scale, however, is becoming more visible. Platform-based businesses, businesses that enable people (developers, customers, opinion formers) at low cost, are having a huge effect on the world around us.
01 March 2011
The Origin of Unix Pipes
October 11, 1964