GhostShell Haunts Websites With SQL Injection

Published: 22/11/2024   Category: security




Admin and user accounts from websites breached and posted online



A hacker gang claims to have leaked more than a million user accounts from some 100 websites worldwide, and its weapon of choice appears to mainly be good ol' SQL injection.
The GhostShell gang on Saturday posted online what it claims are accounts and records from various financial services, consulting firms, academia, law enforcement, and the CIA. "Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year," the post said in part. "One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It's only the beginning."
Researchers at Imperva say the attackers appear to have employed mostly SQL injection, but also exploited weak passwords and vulnerable content management systems. The attackers used the popular SQLmap tool, and some of the hacked databases included more than 30,000 records.
The attackers grabbed admin credentials, usernames and passwords, and files. "And the passwords show the usual '123456' problem. However, one law firm implemented an interesting password system where the root password, 'law321' was pre-pended with your initials. So if your name is Mickey Mouse, your password is 'mmlaw321'. Worse, the law firm didn't require users to change the password," Rob Rachwald, director of security for Imperva, said in a blog post last night.
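A defender can reject this kind of derived password when it is set, and list accounts that never changed the one they were issued. The sketch below is an added example, not code from Imperva or the article; the function names, the `password_changed_at` field, the sample accounts and the short blocklists are assumptions made for illustration.

```python
import re

# Constructed lists for illustration. "123456" and "law321" are the values
# quoted in the article; a real deployment would load a breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty"}
SHARED_ROOTS = {"law321"}


def personal_tokens(full_name, username):
    """Strings a user is likely to glue onto a shared root: initials, name parts, login."""
    parts = [p.lower() for p in re.split(r"[\s\-]+", full_name.strip()) if p]
    initials = "".join(p[0] for p in parts)
    return {t for t in (initials, username.lower(), *parts) if t}


def check_password(full_name, username, candidate):
    """Return the sorted list of policy violations; an empty list means accepted."""
    pw = candidate.lower()
    weak = COMMON_PASSWORDS | SHARED_ROOTS
    problems = set()
    if pw in COMMON_PASSWORDS:
        problems.add("common password")
    if pw in SHARED_ROOTS:
        problems.add("shared root password")
    for tok in personal_tokens(full_name, username):
        # Strip the token from the front or the back and inspect what is left.
        remainders = []
        if pw.startswith(tok):
            remainders.append(pw[len(tok):])
        if pw.endswith(tok):
            remainders.append(pw[:-len(tok)])
        if any(rest in weak for rest in remainders):
            problems.add("personal token plus weak root")
    return sorted(problems)


def never_rotated(accounts):
    """Usernames still on their issued password (password_changed_at is None)."""
    return [a["username"] for a in accounts if a.get("password_changed_at") is None]


if __name__ == "__main__":
    # Constructed sample accounts.
    accounts = [
        {"username": "mmouse", "password_changed_at": None},
        {"username": "dduck", "password_changed_at": "2012-08-01"},
    ]
    print(check_password("Mickey Mouse", "mmouse", "mmlaw321"))
    print(never_rotated(accounts))
```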
Rachwald says many of the files came from CMS systems. "A very large portion of these files come from content management systems (CMS), which likely indicates that the hackers exploited the same CMS with a vulnerability in it that allowed a hacker to target it. However, a lot of the stolen content did NOT include any sensitive information," he says.
The main targets were banks, consulting firms, government agencies, and manufacturing companies, according to Imperva's findings.