₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,330,598 members, 8,446,234 topics. Date: Thursday, 16 July 2026 at 09:49 AM

Toggle theme

Mysql.com Vulnerable To Blind Sql Injection Vulnerability - Webmasters - Nairaland

Nairaland ForumScience/TechnologyWebmastersMysql.com Vulnerable To Blind Sql Injection Vulnerability (1945 Views)

1 Reply (Go Down)

Mysql.com Vulnerable To Blind Sql Injection Vulnerability by Slyr0x(op): 11:21pm On Mar 27, 2011
Allow me to point out a little bit of irony in this headline , a website for one of the more popular open-source database alternatives gets completely compromised using blind SQL Injection. Ouch.


Someone going by the moniker "Jack haxor" posted this to the Full Disclosure mailing list just a little while ago , giving a nice explanation of what's happened and more importantly where the vulnerable target page is (customers/view/index.html) so others can go and play for themselves.


MySQL has (as of this writing) not issued a statement yet , which probably means they're scrambling to close up and clean up the mess , whatever that mess may be. Did the attacker get into anything more than just the databases behind the website? Maybe we'll know, maybe we won't -but this is at very least very unsettling for the open-source database organization. Hopefully they have clean, check-summed backups, right?



Oh, and if you're interested in seeing the handywork that resulted from this compromise , check out this pastebin.com link , I swear I had nothing to do with that rabbit/hat graphic.



Some take-aways from this one ,

1. Never re-use passwords across too many websites of different security levels
2. Use complex pass-phrases as much as possible so they're harder to crack
3. Back up, then check-sum your backups and keep them off offline in case you need a restore point
4. Hiding the SQL error from an attacker will still get you compromised (blind SQL injection)
5. Check your code , attackers don't sleep, and won't spare you just because you're an open-source, charitable project
6. It can happen to anyone, anywhere at any time

link ---> http://h30501.www3.hp.com/t5/Following-the-White-Rabbit-A/MySQL-WebSite-Hacked-by-Ironically-Blind-SQL-Injection/ba-p/25359
Re: Mysql.com Vulnerable To Blind Sql Injection Vulnerability by Slyr0x(op): 11:26pm On Mar 27, 2011
Re: Mysql.com Vulnerable To Blind Sql Injection Vulnerability by ogzille(m): 8:53am On Mar 28, 2011
nawa o!!!
Re: Mysql.com Vulnerable To Blind Sql Injection Vulnerability by WebMonk(m): 10:33am On Mar 28, 2011
I guess there are no exceptions
Re: Mysql.com Vulnerable To Blind Sql Injection Vulnerability by Slyr0x(op): 8:53pm On Mar 28, 2011
ogzille:
nawa o!!!
Na cRious wa. .

WebMonk:
I guess there are no exceptions
No exceptions o0. . .Check http://www.zone-h.org/archive/special=1
Re: Mysql.com Vulnerable To Blind Sql Injection Vulnerability by Nobody: 12:48am On Mar 31, 2011
this is serious.

obviously these guys dont have "give up" in their books
i get at least 2 attacks daily on one of my age long projects, not a popular website

What happens if it's popular?
1 Reply

Over A Million Web Sites Affected In Mass Sql Injection AttackFacebook Vulnerable To Html InjectionQuick Sql Injection Vulnerability Test234

What Online Ads Do You Use? And Have They Worked For You?Let’s Design Your Awesome Investment WebsiteUnderstanding Colour Schemes In Web Design