  1. #1

    MySQL.com Database Compromised By Blind SQL Injection

    An was sent out earlier today on the mailing list, detailing the compromise of numerous MySQL websites along with portions of their containing usernames and passwords.
    MySQL offers database software and services for businesses at an enterprise level as well as services for online retailers, web forums and even governments. The vulnerability for the attack, completed using blind SQL injection and targeted including MySQL.com, MySQL.fr, MySQL.de and MySQL.it, was initially found by "TinKode" and "Ne0h" of Slacker.Ro (according to their pastebin.com/BayvYdcP dump of the stolen credentials) but published by "Jackh4x0r".
    Source: http://techie-buzz.com/tech-news/mys...injection.html

  2. #2
    Laugh. Surprising that they weren't checking user input / sanitizing everything before inputting the data into their MySQL database. There's absolutely no reason these days that SQL injection attacks should work, IMO, it all comes down to sloppy programming and piss poor auditing. Something you wouldn't expect from MySQL / Oracle...
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    So is v5.5.10 safe to use? It sounds like it was just the website itself and not MySQLd.

  4. #4
    Quote, originally posted by dsmythe:
    So is v5.5.10 safe to use? It sounds like it was just the website itself and not MySQLd.
    SQL injection isn't a db server issue, it's an application one.
    Sam Barrow - CEO @ SQUIDIX (1-855-SQUIDIX)
    Ask Us About Sponsoring Your Web Site (High Traffic Sites Only)
    Squidix - Shared, Reseller, Semi-Dedicated, Managed VPS and Managed Dedicated Hosting
    Midwestern Web - Web Design & Development Services
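
Added example (not part of the thread or any poster's code): the same database engine answering the same "does this user exist?" lookup through two application code paths, one building the SQL by string concatenation and one using a bound parameter. SQLite stands in for MySQL so it runs offline; the table, the data and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; SQLite stands in for the MySQL server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-value')")
    return db


def exists_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text itself.
    sql = "SELECT 1 FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchone() is not None


def exists_bound(db, name):
    # Hardened: the input travels as a bound value and is never parsed as SQL.
    row = db.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None


def compare(db):
    # Two inputs that differ only in an embedded always-true / always-false
    # condition. If the yes/no answer follows that condition, the input is
    # being executed as SQL; that yes/no difference is the "blind" channel.
    probes = {"true": "alice' AND '1'='1", "false": "alice' AND '1'='2"}
    return {
        "concat": {k: exists_concat(db, v) for k, v in probes.items()},
        "bound": {k: exists_bound(db, v) for k, v in probes.items()},
    }


if __name__ == "__main__":
    print(compare(make_db()))
```

The concatenated lookup's answer tracks the embedded condition, while the bound lookup treats both inputs as names that do not exist, with no change to the database server between the two.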
