Two hackers named TinKode and Ne0h successfully accessed sensitive information on the MySQL.com website. MySQL.com is a popular open source database website.
The hackers used a blind SQL injection attack to exploit the website, and disclosed details of the breach on the Full Disclosure mailing list.
Oracle, which acquired Sun Microsystems in 2009 and with it newly acquired MySQL in the database sector, has not acknowledged these irregularities. SQL injection attacks that exploit website vulnerabilities are common on the web. These vulnerabilities can allow an attacker to execute queries in the database, for example as part of a request. If the database returns an error, a smart hacker can use this information to gain wider access, including access to the server that holds the underlying data.
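
The two weaknesses described above, query text built from user input and database errors returned to the visitor, shown beside the hardened form. This is an added example, not code from MySQL.com or from the original article; it assumes Python's sqlite3 as a stand-in for the site's database, and the table, column and function names are hypothetical.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db

def lookup_vulnerable(db, username):
    """Builds the query by string concatenation and echoes database errors."""
    sql = "SELECT email FROM accounts WHERE username = '" + username + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Returning the raw error tells the caller about the query's structure.
        return "database error: " + str(exc)

def lookup_hardened(db, username):
    """Binds the input as a parameter and never exposes database errors."""
    try:
        rows = db.execute("SELECT email FROM accounts WHERE username = ?",
                          (username,))
        return [row[0] for row in rows]
    except sqlite3.Error:
        return "request failed"  # details belong in the server log only

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name containing a quote,
    # and a value that changes the WHERE clause when concatenated.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(value), "->", lookup_vulnerable(db, value),
              "|", lookup_hardened(db, value))
```

With the bound parameter, the quote character is treated as data, so the second and third inputs simply match no account.
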
Among the data the hackers shared, some cracked password hashes reveal full login details for MySQL.com website accounts, including the WordPress account login details of Robin Schumacher, former Director of Product Management, and the login information of Kaj Arnö, former Vice President of Community Relations.
Some of the passwords turned out to be simple phrases. Schumacher's password was a short four-digit number in which three of the digits repeat. The hackers also published a number of other password hashes from the database's tables.
Information on the Sun.com website was also published. The data consisted of a series of columns, tables and databases from the Sun site, obtained through a SQL injection attack. These flaws do not seem to reveal passwords, but they do show a number of company email addresses.
“Although it is somewhat embarrassing, I have to say that this is not a vulnerability in the MySQL database management system software, but a vulnerability in the website's code,” Chester Wisniewski, a senior security consultant at Sophos, wrote on the Naked Security blog.
Wisniewski said MySQL's website is vulnerable to a cross-site scripting (XSS) vulnerability that was published in January 2011 and has so far not been resolved. “Auditing your website for SQL injection is very important, and you want to use secure passwords,” Wisniewski wrote. “Otherwise, these attacks will make you despair.”