MySQL.com (the official site for the MySQL database) was compromised via (shocking!) blind SQL injection. A post was sent today to the full disclosure list explaining the issue and dumping part of their internal database structure.
Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 126.96.36.199
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web
So their customer view application was used as the entry point, where the attackers were able to list the internal databases, tables and password dump…
What is worse is that they also posted the password dump online and some people started to crack it already. Some of the findings are pretty bad, like that the password used by the MySQL director of product management is only 4 numbers (6661).
We will post more details as we learn more about it.
脱毛って医療脱毛とサロンどっちを選ぶのが良いの？ - 光とレーザー ムダ毛処理は本当に面倒、それでなくても忙しくて脱毛してる時間なんて … 続きを読む →
1 anno fa