Sucuri Blog
MySQL.com compromised

March 27, 2011, by David Dede

MySQL.com (the official site for the MySQL database) was compromised via (shocking!) blind SQL injection. A post was sent today to the Full Disclosure mailing list explaining the issue and dumping part of their internal database structure.

Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web


It seems their customer view application was used as the entry point. This is where the attackers were able to list the internal databases and tables and pull the password dump. If you have an account on MySQL.com, we recommend changing your password ASAP (especially if you like to reuse it across multiple sites).
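To show what a "customer view" page that takes an id parameter looks like when it is injectable and when it is not, here is an added example (written for this post, not code from MySQL.com; the table, the rows and the column names are constructed, and the real site ran PHP, so Python with an in-memory SQLite database stands in for it):

```python
import sqlite3


def make_db():
    # Constructed stand-in for a customers table behind /customers/view/?id=...
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [(1170, "Example Corp", 1), (1171, "Hidden Ltd", 0)])
    return conn


def view_customer_vulnerable(conn, raw_id):
    # The defect: the request parameter is pasted straight into the SQL text,
    # so whoever controls ?id= also controls the WHERE clause. In a *blind*
    # injection the page never shows the data; it only answers "row found"
    # or "no row", and that yes/no difference is the whole information leak.
    sql = "SELECT name FROM customers WHERE id = %s AND public = 1" % raw_id
    return conn.execute(sql).fetchall()


def view_customer_fixed(conn, raw_id):
    # Hardened form: validate the type before touching the database, then
    # bind the value as a parameter so it can never become SQL syntax.
    if not raw_id.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT name FROM customers WHERE id = ? AND public = 1"
    return conn.execute(sql, (int(raw_id),)).fetchall()
```

In the vulnerable version an appended condition flips the page between "found" and "not found" while the fixed version refuses the same input outright; a WAF rule or access-log search for non-numeric values on an id parameter that is supposed to be an integer catches this class of probe.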

What is worse is that they also posted the password dump online, and some people have already started cracking it. Some of the findings are pretty bad: the password used by MySQL’s Director of Product Management is only 4 digits long. Multiple admin passwords for blogs.mysql.com were also posted.

The folks at MySQL have yet to say anything about this attack, but we will post more details as we learn more about it.

Categories: Website Security
Tags: Hacked Websites

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  1. Uncle Sam

    March 27, 2011

    Shocked 😎

  2. aerdan

    March 27, 2011

    Irony, thy name is MySQL.

  3. Rob

    March 27, 2011

    It is amazing how many big names on the web were hacked in recent times:

    #google
    #comodo
    #rsa (emc)
    #gawker
    #sourceforge
    #php
    #apache
    #tripadvisor
    #mysql

    Did I miss some?

  4. jaredstenquist

    March 27, 2011

    If someone is smart enough to build it, someone is smart enough to break it.

  5. That Spanish Guy

    March 27, 2011

    At first I thought it was an early 0401 joke, but it seems to be real.

  6. Chris

    March 28, 2011

    The bigger the target, the more people will want to bring it down just to prove they can. What gets me is that if you wanna break it for personal gain, do it, use what you find. I don’t get the point in posting the passwords from these sites on the interwebs for schmucks who can’t steal it themselves. People need to regain some pride at least. I forget where I heard it, but “keep what you kill” comes to mind.

  7. Blah

    March 28, 2011

    alert(‘dumb test’);

  8. Mahen Nowzadick

    March 28, 2011

    ACHIEVEMENT UNLOCKED!!!

  9. Aaron

    March 28, 2011

    “What is worse is that they also posted the password dump online and some people started to crack it already.”

    For the idiot who wrote this: you can’t start to extract so many things via BSQLi in 10 min.
    If you read his post at http://tinkode27.baywords.com/mysql-com-fr-it-de-jp-full-disclosure-hacked-by-tinkode-and-ne0h/ you can see that he found this vuln a long time ago, and had access to these accounts. DOH, idiots…

  10. Gueston

    March 28, 2011

    One thing I don’t understand: the dump contains the password hash and (in a few cases) the cracked password. How were they able to crack it from the hash?
    I mean, they could’ve found a password that would generate that hash, but they actually found the original key.

    • Michael Ebens

      March 28, 2011

      I’m guessing they used a rainbow attack. They simply work out the hashing algorithm used, and then proceed to try different passwords. They would usually start with the most common passwords, and then may proceed to try randomly put together passwords. If the hashes match, they’ve got the password.

      If this was the attack they used, then either MySQL.com didn’t use salt on their passwords (bad idea) or the hackers got access to the salt.

      • Anon

        March 30, 2011

        What the…

        • Tlringer

          April 1, 2011

          http://en.wikipedia.org/wiki/Rainbow_table

          http://en.wikipedia.org/wiki/Salt_(cryptography)
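The replies above explain that a precomputed lookup recovers unsalted hashes instantly and that a salt breaks that lookup. The following added example (not from the post or its commenters; the PIN table, the hash choices and the PBKDF2 iteration count are assumptions) shows both points with the post's own weak case, a 4-digit numeric password:

```python
import hashlib
import hmac
import os

# Constructed lookup table: every 4-digit PIN hashed with unsalted MD5. A real
# rainbow table is far more compact, but the instant lookup it enables is the same.
PIN_TABLE = {hashlib.md5(f"{n:04d}".encode()).hexdigest(): f"{n:04d}"
             for n in range(10000)}

PBKDF2_ROUNDS = 100_000  # assumed work factor


def store_unsalted(password):
    # Storing a bare MD5: two users with the same password get the same hash,
    # and one table built in advance cracks every such record.
    return hashlib.md5(password.encode()).hexdigest()


def store_salted(password, salt=None):
    # Per-record random salt kept beside the hash, plus a slow KDF so every
    # guess costs the attacker the same work the server paid at signup.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def lookup(stored_hash):
    # What a precomputed table does: a dictionary hit, no hashing at all.
    return PIN_TABLE.get(stored_hash)


def verify_salted(password, stored):
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)
```

The salt only defeats precomputation: a 4-digit password still has 10,000 candidates, so even a salted, slow hash of it falls to a short targeted run, which is why password length matters as much as the storage scheme.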

  11. Faris M a

    January 6, 2012

    my sql projects and my sql online live interactive training at http://bit.ly/wXKHod

  12. Vishwas Soni

    October 29, 2012

    Just check it out sql-injection-tutorial…..
    http://freaktrickz.wordpress.com/2012/09/27/sql-injection-tutorial-website-hacking/

  13. Vishwas Soni

    October 29, 2012

    https://freaktrickz.wordpress.com/
