MySQL.com site compromised through SQL injection
Offsite MySQL DBMS yesterday hacked by two intruders through a banal SQL injection. The link published a report on hacking and laid out some parts of the internal structure of the database, dump passwords, etc.
Worst of all, user passwords have already gone into development , including the decrypted password of the director of product development for MySQL (only four characters), the passwords of numerous admins on the forum, etc. So if you have an account on MySQL.com, it is recommended to urgently change the registration data.
By the way, the same two attackers simultaneously hacked and Sun.com in the same way .
Vulnerable Target : mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : webWorst of all, user passwords have already gone into development , including the decrypted password of the director of product development for MySQL (only four characters), the passwords of numerous admins on the forum, etc. So if you have an account on MySQL.com, it is recommended to urgently change the registration data.
By the way, the same two attackers simultaneously hacked and Sun.com in the same way .
')
Source: https://habr.com/ru/post/116333/
All Articles