Sun.com, MySQL.com Hacked, SQL Injection Attack
The same hackers who exposed all the databases running on MySQL.com attacked Sun.com.
The Rumanian hackers, "TinKode" and "Ne0h" compromised two Sun subdomains, including www.reman.sun.com and www.ibb.sun.com, according to a blog post on March 27. Using a SQL injection attack, TinKode was able to obtain table names, column names and email addresses stored in one of the tables. It’s not clear at this point whether TinKode compromised any passwords on the Sun.com site or if this information is being held back for some reason.
TinKode has been busy in recent days going after MySQL databases. According to TinKode’s Bay Words blog, TinKode used the SQL injection attack on MySQL.com March 27 and on ESET’s Rumanian page March 20.
The problem was not with the open-source database software, but with the way the Website was coded, Chester Wisniewski, a Sophos senior security advisor, wrote on the Naked Security blog.
In the blind SQL injection attack on MySQL.com, the same hackers managed to expose database names, tables, columns, user accounts and passwords. Along with administrator passwords for the databases, the hackers managed to expose WordPress blog passwords that had been stored in the tables.
It’s not clear whether the same vulnerability existed on both sites. SQL injection vulnerabilities allow remote attackers to compromise databases through the Website by inserting malicious SQL code into input fields, such as Web forms. If the application doesn’t handle the code correctly, it is passed to the database, which executes the command and returns the results to the browser for the attacker to see.
"Auditing your Websites for SQL injection is an essential practice, as well as using secure passwords," Wisniewski wrote. "Either can lead you down a road that ends in tears."
Both MySQL.com and Sun.com have a number of unfixed cross-site-scripting vulnerabilities on their sites, according to XSSed.com, where security researchers and hackers submit found XSS flaws. Both domains had issues that were discovered as recently as January. It is not clear if attackers combined the XSS flaws with the SQL injection attacks.
For more, read the eWEEK article: Oracle's Sun.com Hit Along with MySQL.com in SQL Injection Attack.