In Ironic Twist, MySQLs Own Database Is Hacked Via SQL Injection

  /     /     /  
Publicated : 22/11/2024   Category : security

In Ironic Twist, MySQLs Own Database Is Hacked Via SQL Injection


Open-source database companys customer names, passwords revealed following database attack


Hackers have posted an
email to the Full-Disclosure mailing list
that describes the breach of numerous MySQL websites, along with information from MySQLs database, including usernames and passwords.
Details on vulnerabilities in the websites of Sun Microsystems
, MySQLs parent company, were also released by the same group of hackers.
MySQL, which offers open-source database software and services for enterprises, is a leading provider of tools for small and midsize businesses. In an ironic twist, the attackers used a database-borne tactic -- SQL injection -- to reveal elements of the database companys own database of users and employees, including email addresses and passwords.
The SQL injection attack was initially found by TinKode and Ne0h of Slacker.Ro, according to a posting of some of the stolen data on pastebin.com. The data was subsequently published by Jackh4x0r.
Among the published data are tables with customer and partner information as well as internal network details. Hashes from the database -- some already broken -- also were posted.
It does not appear to be a vulnerability in the MySQL software, but rather flaws in the implementation of their websites, said Chester Wisniewski, senior security adviser at Sophos, in a
blog about the breach
.
A posting on XSSed.com also gives details on a cross-site scripting (XSS) vulnerability affecting MySQL.com since early January that reportedly still has not been repaired.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
In Ironic Twist, MySQLs Own Database Is Hacked Via SQL Injection