MySQL website compromised by blind SQL injection attack
I found this news story to be quite ironic: http://www.h-online.com/security/news/item/MySQL-allegedly-hacked-via-SQL-injection-1216281.html
Apparently the public-facing mysql.com site was attacked through a blind SQL injection attack (https://secure.wikimedia.org/wikipedia/en/wiki/SQL_injection#Blind_SQL_injection), and the internal database structure was published by the hacker as proof.
It really shows why Injection is #1 on the OWASP Top 10 list (http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) when a large SQL vendor (owned by Oracle) can’t even protect against blind SQL injection on their public-facing site!