, named TinKode and Ne0h two hackers have successfully access to sensitive information on the MySQL.com website, MySQL.com is a popular open source database website.
hackers using SQL blind note attack intrusion site, and leaked details of the full disclosure mailing list (The Full Disclosure Mailing) on the details.
acquired Sun Microsystems in 2009, recently acquired a new database of MySQL’s Oracle Corp, has not yet recognized these violations. On the web site, SQL injection attacks exploit site vulnerability is very common. These vulnerabilities allow an attacker to perform a query in the database, and some other requests. If an error is returned by the database, the smart hacker can use this information to get a wider access to the server that contains the basic data.
hackers share data, some are full details to crack the password hash can reveal mySQL.com website login account, including the former director of product management Robin Schumacher WordPress account login details as well as the former vice president of community relations Kaj Arnö login information.
some passwords reveal simple phrases. Schumacher sets the password to four simple numbers, and the three number is repeated. Hackers also released a number of other database tables do not have a password hash table.
information about Sun.com site is also released. The data contains a series of columns, tables, and a database of Sun sites that are subject to SQL injection attacks. These seem to reveal only the flaws of the password, but it does show some of the company’s e-mail address.
is somewhat awkward, but had to admit that this vulnerability is not MySQL database management system software vulnerabilities, but the website of the Chester Wisniewski encoding loopholes, wrote in the Sophos Naked Security blog in this way, he is a senior security consultant.
Wisniewski said, MySQL website is also vulnerable to ancross site scripting (XSS) vulnerability, the vulnerability was announced in January 2011, but so far the vulnerability has not been resolved. "It’s very important to have a SQL audit on your site, and you want to use a secure password," Wisniewski wrote. "Otherwise, these attacks can make you feel desperate."