For the Web in particular, development cycles are short and change is constant, so the existing SDLC cannot cover it. A secure development process with a new direction is needed, and I believe the reasonable approach there is a service that is effective and efficient in time, accessibility and cost alike.
Both the Malware link detect service and the Web application scan service are set up so that they can be accessed and checked on the web. These two services will once again change the IT world dramatically.
* Being able to read DB information means the privileges have already been obtained, and from there distributing malware or planting a backdoor would be nothing special either. mysql.com alone must hold an enormous visitor list.
http://nakedsecurity.sophos.com/2011/03/27/mysql-com-and-sun-hacked-through-sql-injection/
Proving that no website is ever truly secure, it is being reported that MySQL.com has succumbed to a SQL injection attack. It was first disclosed to the Full Disclosure mailing list early this morning. Hackers have now posted a dump of usernames and password hashes to pastebin.com.
Most embarrassingly, the Director of Product Management's WordPress password was set to a four digit number... his ATM PIN perhaps? Several accounts had passwords like "qa". The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site.
MySQL's parent company Sun/Oracle has also been attacked. Both tables and emails were dumped from their databases, but no passwords.
It does not appear to be a vulnerability in the MySQL software, but rather flaws in the implementation of their websites.
Auditing your websites for SQL injection is an essential practice, as well as using secure passwords.
Either can lead you down a road that ends in tears. If you haven't reviewed your web coding practices, this might be a good time to perform an audit of your public-facing assets to be sure your organization won't become the next headline.
It was noted on Twitter that mysql.com is also subject to an XSS (cross-site scripting) vulnerability that was reported in January 2011 and has not been remedied.
http://seclists.org/fulldisclosure/2011/Mar/309?utm_source=twitterfeed&utm_medium=twitter

[+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
[+] Author: Jackh4xor @ w4ck1ng
[+] Site: http://www.jackh4xor.com

About MySQL.com :
The Mysql website offers database software, services and support for your business, including the Enterprise server, the Network monitoring and advisory services and the production support. The wide range of products include: Mysql clusters, embedded database, drivers for JDBC, ODBC and Net, visual database tools (query browser, migration toolkit) and last but not least the MaxDB- the open source database certified for SAP/R3. The Mysql services are also made available for you. Choose among the Mysql training for database solutions, Mysql certification for the Developers and DBAs, Mysql consulting and support. It makes no difference if you are new in the database technology or a skilled developer of DBA, Mysql proposes services of all sorts for their customers.
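The flaw class behind the disclosure above (a numeric lookup parameter concatenated into the SQL text) next to the fix that the Sophos article's "audit your web coding practices" advice amounts to, as an added example that is not from the page, from Sophos or from the disclosure author. The customer table, its rows and the use of sqlite3 in place of MySQL are assumptions made for the example.

```python
import re
import sqlite3

# Constructed stand-in for a customer-by-id lookup (sqlite3 replaces MySQL;
# the table and rows are invented for this example).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customer VALUES (?, ?)",
                   [(1170, "Example Corp"), (1171, "Other Inc")])
    return db

def lookup_vulnerable(db, raw_id):
    """Flaw class: the request parameter is pasted into the SQL text, so any
    value that is not a bare number rewrites the query instead of selecting a row."""
    sql = "SELECT id, name FROM customer WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    """Fix: whitelist the parameter's shape, then bind it as data so the SQL
    text stays fixed no matter what the client sent."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("customer id must be a plain integer")
    return db.execute("SELECT id, name FROM customer WHERE id = ?",
                      (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "1170"))         # one row, as intended
    print(lookup_vulnerable(db, "1170 OR 1=1"))  # every row: the query's meaning changed
    print(lookup_hardened(db, "1170"))           # one row
    try:
        lookup_hardened(db, "1170 OR 1=1")
    except ValueError as e:
        print("rejected:", e)                    # the same input never reaches the database
```

The same contrast applies to any parameter that is pasted into a query, not only integer ids; for free-text parameters the validation step is weaker and binding as data is what carries the protection.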